On this page

WSE 2.0 SP1 is out.
IBM's Federation strategy - what's going on ?
WS-Federation Demo at Burton Catalyst
First Blog on dotnetcard.com

Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

 Thursday, July 29, 2004
Thursday, July 29, 2004 9:35:21 AM (Central Standard Time, UTC-06:00)

Download WSE 2.0 SP1 from MSDN.

Hervey mentions the change log here

Thursday, July 29, 2004 9:13:12 AM (Central Standard Time, UTC-06:00)

It's a bit hard for me to digest that IBM, being a founder of the WS-Federation standard, went for a deal with France Telecom (one of the founders of the Liberty Alliance) to conform to the Liberty standard for identity federation. Not to mention that Liberty group members must also be in an uncomfortable position, with IBM being a competitor in authoring the federation standards.

Read more about the contract here.

At Burton Catalyst last week, everybody I talked to about the religious war between Liberty and WS-Federation had the opinion that they should merge. Most of them were looking to support both, though.

.NET SmartCard will be supporting both standards, but it's definitely a pain for vendors.

 Tuesday, July 27, 2004
Tuesday, July 27, 2004 5:10:06 PM (Central Standard Time, UTC-06:00)

Last week at the Microsoft Hospitality suite at the Burton Catalyst conference I gave a demo showing the roles smartcards could play in web services security & federation. The demo comprised 2 web services (AirTicketService & CarRentalService), a company portal (TravelPortal) and a .NET SmartCard hosting a Security Token Service (STS) and a Pseudonym Service. Also used was my WS-Federation implementation from the Plumbwork workspace at GDN.

The objectives of the demo were:

  • .NET SmartCard as a server hosting the STS and Pseudonym service.
  • Seamless integration of .NET SmartCard with WSE 2.0.

The steps of the demo were as follows:

  1. The user goes to the company Travel portal and presents the PIN to authenticate to the smartcard.
  2. On successful authentication to the card, the Travel portal sends an RST (Request Security Token message) to the STS residing in the smartcard to get the token for AirTicketService. I used a custom token which has a symmetric key encrypted with the public key of the requestor.
  3. The Travel portal then signs and encrypts the request to the AirTicket service with the token retrieved from the card.
  4. The AirTicket service, after receiving the signed and encrypted makeReservation request, sends the GetPseudonym message to the pseudonym service residing in the smartcard.
  5. GetPseudonymResponse is returned by the smartcard, containing the attributes of the principal.
  6. Similar steps happen for the CarRental service.

The demo basically depicts figure 6 of the IBM/Microsoft paper on federation.
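
The token exchange in steps 2 and 3, together with the check the receiving service has to make, shown as an added example (this is not the demo's code and uses no WSE 2.0 or .NET SmartCard API). It assumes RSA-OAEP key wrapping, HMAC-SHA256 signing, a second copy of the key sealed for the service, and hypothetical function and field names; request encryption and the pseudonym lookup are left out.

```javascript
// Added illustration of the token flow; all names here are hypothetical.
const nodeCrypto = require('node:crypto');

const newKeyPair = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// STS role (hosted on the card in the demo): mint a token for one audience.
// A real token would also be signed by the STS; that is omitted here.
function issueToken(requestorPub, servicePub, audience) {
  const proofKey = nodeCrypto.randomBytes(32);
  return {
    audience,
    keyForRequestor: nodeCrypto.publicEncrypt(requestorPub, proofKey), // step 2
    keyForService: nodeCrypto.publicEncrypt(servicePub, proofKey),     // assumption
  };
}

const mac = (key, body) => nodeCrypto.createHmac('sha256', key).update(body).digest();

// Portal role: unwrap the symmetric key and sign the request (step 3, signing only).
function signRequest(token, requestorPriv, body) {
  const key = nodeCrypto.privateDecrypt(requestorPriv, token.keyForRequestor);
  return { token, body, signature: mac(key, body) };
}

// Service role: check the audience, unwrap its copy of the key, verify the signature.
function verifyRequest(msg, servicePriv, expectedAudience) {
  if (msg.token.audience !== expectedAudience) return false;
  let key;
  try {
    key = nodeCrypto.privateDecrypt(servicePriv, msg.token.keyForService);
  } catch {
    return false; // token was not sealed for this service
  }
  const expected = mac(key, msg.body);
  return expected.length === msg.signature.length &&
    nodeCrypto.timingSafeEqual(expected, msg.signature);
}

// Constructed run: one portal, two services, a token issued for AirTicketService.
function demo() {
  const portal = newKeyPair(), air = newKeyPair(), car = newKeyPair();
  const token = issueToken(portal.publicKey, air.publicKey, 'AirTicketService');
  const msg = signRequest(token, portal.privateKey, 'makeReservation:constructed-sample');
  const tampered = { ...msg, body: 'makeReservation:altered' };
  return {
    accepted: verifyRequest(msg, air.privateKey, 'AirTicketService'),
    tamperedRejected: !verifyRequest(tampered, air.privateKey, 'AirTicketService'),
    wrongServiceRejected: !verifyRequest(msg, car.privateKey, 'CarRentalService'),
  };
}
```

The token for AirTicketService is useless at CarRentalService, which is why step 6 repeats the exchange with a fresh token per service.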

 

 

Tuesday, July 27, 2004 4:27:25 PM (Central Standard Time, UTC-06:00)

This is the new home for my blog. I have been blogging since June 2004 at http://ksachdeva.blogspot.com but decided to buy a domain reflecting the domain I work in ;-). I will be posting interesting stuff on SmartCards technology & applications, WebServices security, Identity management, etc.