--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "User-Centric Identity Interop" group.
To post to this group, send email to user-centric-i...@googlegroups.com
To unsubscribe from this group, send email to user-centric-identit...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/user-centric-identity-interop?hl=en
-~----------~----~----~----~------~----~------~--~---
Von: user-centric-i...@googlegroups.com [mailto:user-centric-i...@googlegroups.com] Im Auftrag von John Bradley
Gesendet: Montag, 6. April 2009 23:23
An: user-centric-i...@googlegroups.com
Betreff: [Interop] Re: xmldap.org is down
Von: user-centric-i...@googlegroups.com [mailto:user-centric-i...@googlegroups.com] Im Auftrag von Chuck Mortimore
Gesendet: Montag, 6. April 2009 23:43
I see that xmldap.org is back up but there’s no http://www.xmldap.org/relyingparty page. There’s a few OSIS and IMI-related tests that xmldap was the ideal site to perform with. Given that the OSIS in-person interop is on Sunday, any chance of getting it back up by then?
Hopefully,
-- Mike
They must match.
Von: Mike Jones [mailto:Michae...@microsoft.com]
Gesendet: Donnerstag, 16. April 2009 18:55
An: user-centric-i...@googlegroups.com
Cc: Nennker, Axel
Betreff: RE: [Interop] Re: xmldap.org is down
More precisely, they must match for managed backed by self-issued cards. The reason is that the IssuerID is computed from the cert in the .crd file and is then used to match the correct self-issued card, for which a security token is created to send to the IdP endpoint in the RST. If the OLSC values and EV status of the issuer and STS certs don’t match, the selector won’t be able to locate the correct self-issued card to use to generate the token to send to the STS in the RST.
For other managed card types, the issuer cert and STS cert could be different.
-- Mike