Infocard

06-03-2006

Hello,

I have 3 questions about Infocard

1) The identity selector contacts the identity provider to obtain a
security token. Does he include in his messages to what relying party
he is going to send it, or does he only say: I need that kind of token
with those claims in it? --> has the identity provider any clue for
what the token will be used?

2) Does the identity provider (STS) create a new security token for
every request, or are they cached?

3) Isn't it a lot of work to always contact the identity provider (STS)
and ask him to give (and generate?) a new security token? Why can't the
user just have the security tokens at his own computer? Is this a
scalable solution?

Thanks!

06-03-2006	#1 (permalink)
brijnaald@gmail.com Guest Posts: n/a	Infocard Hello, I have 3 questions about Infocard 1) The identity selector contacts the identity provider to obtain a security token. Does he include in his messages to what relying party he is going to send it, or does he only say: I need that kind of token with those claims in it? --> has the identity provider any clue for what the token will be used? 2) Does the identity provider (STS) create a new security token for every request, or are they cached? 3) Isn't it a lot of work to always contact the identity provider (STS) and ask him to give (and generate?) a new security token? Why can't the user just have the security tokens at his own computer? Is this a scalable solution? Thanks!
brijnaald@gmail.com Guest Posts: n/a

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode