Table of Contents
Advertisement
The purpose of a card is to define the source for the identity, the provider of the authentication token,
and the credentials provided in the token.
token can be either an identity provider when a managed card is selected or the CardSpace client
when a personal card is selected.
Figure 6-2
Figure 6-2
Relying Parties
X
1
Application
1. The user requests access to an application, and the application sends the request to the relying
party. The relying party returns the security token requirements, which include the issuer ID,
the required attributes, and the token type to CardSpace.
2. The CardSpace client software highlights the cards that meet the requirements, and the user
selects the card to use.
3. The CardSpace client software requests a security token from its configured trusted identity
provider, and the identity provider returns the security token.
4. The CardSpace client software presents the token to the relying party, and if it matches the
requirements, the user is granted access.
The Novell Identity Server can be configured to act as relying party or as an identity provider.
6.2 Prerequisites for CardSpace
Your Identity Server cluster configuration must be configured for HTTPS. For configuration
information, see
Guide.
CardSpace requires high encryption. Export laws prevent Access Manager from shipping with
the high encryption library for JRE. To add this library, see
Encryption," on page
168 Novell Access Manager 3.1 SP1 Identity Server Guide
illustrates the process when a relying party requests a token.
Using a Card for Authentication
Y
Z
Security
4
Token
Managed Card
Managed Card
Personal Card
2
CardSpace Client
"Enabling SSL
169.
Figure 6-1
illustrates that the provider for the identity and
Identity Providers
A
B
3
Communication" in the
Novell Access Manager 3.1 SP1 Setup
C
Security
Token
Section 6.2.1, "Enabling High
Advertisement
Table of Contents
Troubleshooting
