Infocard issues and choices at the SP

Session initiation

Infocard login is initiated by a form posting. The form lists all the requested attributes, required and optional.

We define a template files containing such form and define a session initiator to go with each file. Thus the specific sets of attributes are predefined and each is selected by the corresponding session initiator's id.

Known IdP

A response from an IdP contains the KeyInfo identity of the IdP. We use this to locate the IdP's metadata and pass the entity ID in the environment variable Shib_Identity_Provider. Other attribute processing is similar to a normal SAML2 IP response.

Self-issued cards

A response from an IS personal card contains the a unique public key modulus and exponent. A hash of this information is passed in the environment variable Shib_Infocard_Key. Other card claims are passed similar to a normal SAML2 IP response.