CardSpace in P2P

Anyone have any pointers on how CardSpace [could be]/[is intended to be] used with WCF net.p2p (or similar) technology?

steven
http://stevenR2.com

By StevenR2 at 2008-2-20
# 1

We're going to be posting some P2P scenarios in the future.

But really, any channel with WCF can be protected with CardSpace identities, and have the server endpoint verify the credentials. For a quick starter, check out the samples on the http://cardSpace.netfx3.com website.

g


Garrett Serack | Program Manager | Federated Identity Team | Microsoft Corporation
blog: http://blogs.msdn.com/garretts

GarrettSerack-MSFT at 2007-10-7 > top of Msdn Tech,Software Development for Windows Vista,Windows CardSpace (InfoCard)...
# 2

Hi Garrett - I'm interested in scenarios such as peer services, which may not necessarily run under the context of the interactive user, say a Windows Service.

Look forward to the upcoming scenarios!

steven
http://stevenR2.com

StevenR2 at 2007-10-7
# 3

Now, you may need to be cautious about what you are thinking--remember, CardSpace is focused towards users, not 'configured' services.

If the service doesn't involve the authentication or authorization of a user, CardSpace is less likely to be of any value. However, WCF is (which may be what you are looking for).

Could you expand on your ideas for how CardSpace could be used in peer services?

g


Garrett Serack | Program Manager | Federated Identity Team | Microsoft Corporation
blog: http://blogs.msdn.com/garretts

GarrettSerack-MSFT at 2007-10-7
# 4

This actually doesn't necessarily apply to P2P and I may be clutching at straws, but I'm thinking outside the box a little and about where this technology could be used (it has been an area of interest for a few years now). So please knock me down with a big stick if an idea sounds ridiculous!

Consider a service that purchases items from one of a set of web services, depending on the item. Or, in the case of P2P, consider a service that can respond to requests from remote users requesting a file (say you advertise these files on some shared P2P app).

In these cases, you may wish the service to adopt a different identity when requested. So I am "Company X, Department A" in one case and "Company Y, Department B" in another, passing some relevant identification data (sign-off manager etc.).

In the second case, when a request for a file comes in you may wish the service to reply with some specific identity based on the request channel (not quite figured out this part and what a channel is, but let's just say it implies some user context, such as internal/external). The identity used for two different contexts may be different ("Owned by Steven L" v "Owned by MyMedia Corp."). This could allow the remote user to decide whether to trust the service or not.

I guess I'm thinking about how identity could be used in a dynamic sense. I understand the implications of relaying user identity automatically (would I want any app to just send my "Bank Identity"!!?), but at the same time, there may be some cases where an identity - above and beyond the WCF service authentication - may be useful. I could likely use WCF and certs to provide the kind of certificate-based trust we have today, but it seems nice to me to be able to apply some kind of identity to the service that says "the service sending you this file is blah".

Steven
http://stevenR2.com

StevenR2 at 2007-10-7
# 5
The experts here can correct me if I am wrong, but the entire point behind the protected desktop feature in which the CardSpace Identity Selector resides is so that people cannot write code to assume identities on behalf of users. If people could write code to assume identities on behalf of users, we might as well throw in the towel and give up because in that scenario, your identity can be spoofed. Someone could write a trojan that injected itself into your PC, assumed the first "credit card" identity it could find, and go purchase things on your behalf - you'd end up like those motorcycle-riding grandmothers on the identity theft commercials :)
KevinHoffman at 2007-10-7
# 6
Garrett,

I had two questions:

1) Any reason why there are no RC1 samples available on the cardspace site?

2) I was thinking of using CardSpace as an authentication scheme for a P2P game that had a single authentication server location. Is this a good scenario? All I really need is a card that contains the player's alias/handle and possibly an Image like a buddy icon (can be a URL if cardspace doesn't support image-type evidence). In this case, would my game client then have a situation in which it issued a card, and pointed to my authentication server for the STS location? If that's the case - is there a sample of having a Winforms/WPF application issue a card?

KevinHoffman at 2007-10-7
# 7

Yeah, I guess. I was thinking that in protected mode you may decide to allow impersonation of your identity. In other words, you say that service X is trusted. I'm thinking out loud as always.

Worth remembering that at some level, some procedural code provides the protection you discuss above. Sure, it's the protected desktop, but that is still code :)

StevenR2 at 2007-10-7
# 8

Uh, there is now!

1) Any reason why there are no RC1 samples available on the cardspace site?

Well, there are samples there now (except the STS, that should be later today... :D ), and I apologise for not having them done sooner. The reality is that in addition to being the CardSpace forum troll, I also own the SDK docs and samples, and that was waaaaaaaaaaaaaaay more work than I had been led to believe, and the deadlines in order to make the RTM dates meant that the updates to the samples for RC1 didn't get processed until this week, and now I'm trying to catch up on the 30 or so outstanding questions on the forum, at between 10 and 200 minutes per question...


2) I was thinking of using CardSpace as an authentication scheme for a P2P game that had a single authentication server location. Is this a good scenario? All I really need is a card that contains the player's alias/handle and possibly an Image like a buddy icon (can be a URL if cardspace doesn't support image-type evidence). In this case, would my game client then have a situation in which it issued a card, and pointed to my authentication server for the STS location? If that's the case - is there a sample of having a Winforms/WPF application issue a card?

It shouldn't be terribly difficult to create such a thing.

The code in my CardWriter is fairly simple, and could be adapted to your own purposes, in any type of application. The Simple STS will require a bit of customization as well.

I think the only thing that may be tricky is who is the consumer of the token? If each of the peers is able to accept and decrypt the token, then they will all need the certificate+private key to understand the token, and peers should create a connection in each direction to exchange cards.

Not that it is impossible or anything, but CardSpace v1 hasn't had P2P scenarios spec'd out for it.

Thanks,

g


Garrett Serack | Program Manager | Federated Identity Team | Microsoft Corporation
blog: http://blogs.msdn.com/garretts

GarrettSerack-MSFT at 2007-10-7