To understand this discussion, start here and then follow the continuation links until you return to this posting. Click on the images below to see a larger and more readable version.
In the demo, as shown in the following screen shot, only the HelloWorld card is illuminated – all the other cards were “greyed out” as inappropriate:
This happened because in the Information Card login page, the “relying party” expressed a requirement that a HelloWorld card be presented. This was done by embedding “policy” in the “object tag” that tells the browser (and through it, CardSpace) what Information Cards will be accepted. To drill into this, let's look again at the login page:
Here's the HTML that created it:
You'll see that one of the PARAMs in the OBJECT tag is “tokenType”. It's set to a completely arbitrary value – one I made up to show you can do whatever you want – of http://kcameron11/identity/helloworldToken, Since I specified this specific token type, only Information Cards that support it will illuminate at selection time when you go to this web page. Further, the other PARAM specifies “requiredClaims”. Only Information Cards that support these values will be possible candidates.
The InfoCard Web App and Browser Guide has more information about the OBJECT tag.
In the next installment, I'll explain how the Identity Provider works, and you'll be able to examine the code.
Hi Kim! Thank you for the tutorial.
So, you say the token type can be arbitrary. But isn't it a missuse of the token type and a lack of interoperability? Wouldn't it be better approach to use standards (SAML) for token type and distinct cards by their issuers?
What will be your guidance for requesting token types and issuers in different scenarios?
P.S. What an ugly site is it?! Before being logged in you see just a normal commenting form with name, email, website and comment text. [And actually, when you post a comment it says you should be logged in BEFORE posting a comment! Fortunately I have a habit to copy everything before hitting submit anywhere on the web 🙂 ] And then during the registration process there is no website field anymore, only name and email!
But wait, there is more. Finally, the profile page returns an error when I try to add my website! And you, Kim, can write about the identity metasystem changing our lives after all that? First, start from yourself and your blog!
Sorry, if it sounds a bit offensive, but I was just offended too. Hope your blog supports ping-backs—next time I'll post a comment from my own blog.