Comments on: I got the issuer blues… http://eternallyoptimistic.com/2007/05/10/i-got-the-issuer-blues/ Fri, 29 Jan 2010 22:51:53 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Pedro Felix http://eternallyoptimistic.com/2007/05/10/i-got-the-issuer-blues/comment-page-1/#comment-235 Pedro Felix Thu, 10 May 2007 22:11:47 +0000 http://eternaloptimist.wordpress.com/2007/05/10/i-got-the-issuer-blues/#comment-235 Hello. I've ran into a similar problem, when using WCF. I've detailed it in the following post (Microsoft's WCF forum): http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1578774&SiteID=1 Hello.
I’ve ran into a similar problem, when using WCF. I’ve detailed it in the following post (Microsoft’s WCF forum):
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1578774&SiteID=1

]]> By: Identity 2.0 » Blog Archive » I got the issuer blues… http://eternallyoptimistic.com/2007/05/10/i-got-the-issuer-blues/comment-page-1/#comment-236 Identity 2.0 » Blog Archive » I got the issuer blues… Thu, 10 May 2007 21:16:18 +0000 http://eternaloptimist.wordpress.com/2007/05/10/i-got-the-issuer-blues/#comment-236 [...] original here: Pamela Identity [...] [...] original here: Pamela Identity [...]

]]> By: Pamela http://eternallyoptimistic.com/2007/05/10/i-got-the-issuer-blues/comment-page-1/#comment-233 Pamela Thu, 10 May 2007 17:54:40 +0000 http://eternaloptimist.wordpress.com/2007/05/10/i-got-the-issuer-blues/#comment-233 My understanding is that WCS v1.0 can't handle multiple issuers, even if those multiple issuers come from a validly formed WS-SecurityPolicy statement. I haven't tried it though, and it would be great to get 'official' confirmation of the fact. My understanding is that WCS v1.0 can’t handle multiple issuers, even if those multiple issuers come from a validly formed WS-SecurityPolicy statement. I haven’t tried it though, and it would be great to get ‘official’ confirmation of the fact.

]]> By: Kim Cameron’s Identity Weblog » Pamela Dingle on multiple issuers http://eternallyoptimistic.com/2007/05/10/i-got-the-issuer-blues/comment-page-1/#comment-232 Kim Cameron’s Identity Weblog » Pamela Dingle on multiple issuers Thu, 10 May 2007 17:54:37 +0000 http://eternaloptimist.wordpress.com/2007/05/10/i-got-the-issuer-blues/#comment-232 [...] clear and advanced thinking from Pamela Dingle at Eternal [...] [...] clear and advanced thinking from Pamela Dingle at Eternal [...]

]]> By: Mark Wahl http://eternallyoptimistic.com/2007/05/10/i-got-the-issuer-blues/comment-page-1/#comment-234 Mark Wahl Thu, 10 May 2007 17:35:43 +0000 http://eternaloptimist.wordpress.com/2007/05/10/i-got-the-issuer-blues/#comment-234 FYI I can't speak for CardSpace, but in theory having multiple, alternative, issuers in theory could be written in the WS-SecurityPolicy encoding of RP policy. This is much more expressive than what can be written in the HTML OBJECT PARAM or XHTML encodings of RP policy. Quoting section 3.1.1 of WS-SecurityPolicy http://www.oasis-open.org/committees/download.php/15979/oasis-wssx-ws-securitypolicy-1.0.pdf "Let’s say that a policy wishes to express requirements for A and (B or C). This could be described as two policy statements ... Alternatively, we can use the wsp:All and wsp:ExactlyOne elements to describe the alternative policy in a single wsp:Policy element..." I don't remember seeing anything in the CardSpace Technical Reference of December 2006 http://download.microsoft.com/download/2/7/c/27c16ebb-bf83-4abd-8002-21fa111ba7ac/infocard-profile-v1-techref.pdf that said CardSpace 1.0 identity selector's support of WS-SecurityPolicy couldn't or wouldn't support parsing nested policies, though I haven't yet tried it. Mark Wahl Informed Control Inc. FYI I can’t speak for CardSpace, but in theory having multiple, alternative, issuers in theory could be written in the
WS-SecurityPolicy encoding of RP policy. This is much
more expressive than what can be written in the HTML OBJECT PARAM or XHTML encodings of RP policy.

Quoting section 3.1.1 of WS-SecurityPolicy
http://www.oasis-open.org/committees/download.php/15979/oasis-wssx-ws-securitypolicy-1.0.pdf
“Let’s say that a policy wishes to express requirements for A and (B or C). This could be described as two policy statements …
Alternatively, we can use the wsp:All and wsp:ExactlyOne elements to describe the alternative policy in a single wsp:Policy element…”

I don’t remember seeing anything in the CardSpace Technical Reference of December 2006
http://download.microsoft.com/download/2/7/c/27c16ebb-bf83-4abd-8002-21fa111ba7ac/infocard-profile-v1-techref.pdf
that said CardSpace 1.0 identity selector’s support of WS-SecurityPolicy couldn’t or wouldn’t support parsing nested policies, though I haven’t yet tried it.

Mark Wahl
Informed Control Inc.

]]>