SP Infocard Discussion
Infocard issues and choices at the SP
Session initiation
Infocard login is initiated by a form posting. The form lists all the requested attributes, required and optional.
We define a template files containing such form and define a session initiator to go with each file. Thus the specific sets of attributes are predefined and each is selected by the corresponding session initiator's id.
Known IdP
A response from an IdP contains the KeyInfo identity of the IdP. We use this to locate the IdP's metadata and pass the entity ID in the environment variable Shib_Identity_Provider. Other attribute processing is similar to a normal SAML2 IP response.
Self-issued cards
A response from an IS personal card contains the a unique public key modulus and exponent. A hash of this information is passed in the environment variable Shib_Infocard_Key. Other card claims are passed similar to a normal SAML2 IP response.