This planning guide reviews the Tivoli® Federated Identity Manager implementation of the Information Card standard, and describes how to plan the configuration process. This guide does not provide a comprehensive review of the Information Card standard.
You can use the Information Card system to manage your digital identities from various identity providers. You can then use these digital identities to access various services that accept them.
Administrators who are not familiar with the standard must review the Information Card documentation on the Microsoft website.
The Tivoli Federated Identity Manager support for Information Card includes deployment of Tivoli Federated Identity Manager in both of the Information Card roles: Managed Identity Provider and Relying Party.
The protocol flow when the user provides an Information Card to authenticate at a website resembles the forms-based login flow. However, it requires extra steps.
The user then selects an Information Card, which represents a digital identity that can be used to authenticate at the site.
If you use WebSphere® 6.X, you can still use the Tivoli Federated Identity Manager Security STS client while Tivoli Federated Identity Manager supports WebSphere 6.X. When Tivoli Federated Identity Manager discontinues its support for WebSphere 6.X, use WebSphere Application Server version 7 Update 11 and later. See WS-Trust client API and WS-Trust Clients for details.
In the protocol flow, the Relying Party and the identity provider do not communicate directly with each other. By default, neither party is aware of the other. The Relying Party does not know which identity provider was selected by the user until the token is received in Step 5. At that time, the Relying Party can learn the identity of the identity provider by examining the Issuer field in the token.
You can use the Information Card to prompt the identity provider to require identification from the Relying Party. However, doing so is not a requirement, and is typically discouraged.
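Because the Relying Party first learns which identity provider the user chose from the Issuer field, that field is where an issuer allowlist is enforced. The following sketch is an added example, not Tivoli Federated Identity Manager code; it assumes the token is a SAML 1.1 or 2.0 assertion that has already been decrypted and signature-verified, and `TRUSTED_ISSUERS` and the example.com URLs are hypothetical.

```python
import xml.etree.ElementTree as ET

SAML11 = "urn:oasis:names:tc:SAML:1.0:assertion"
SAML20 = "urn:oasis:names:tc:SAML:2.0:assertion"
# Issuer URI carried by tokens from self-issued (personal) Information Cards.
SELF_ISSUED = "http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self"

# Hypothetical policy: identity providers this Relying Party accepts.
TRUSTED_ISSUERS = {"https://idp.example.com/sts"}


def extract_issuer(token_xml: str) -> str:
    """Return the Issuer of a decrypted SAML 1.1 or 2.0 assertion."""
    # Security tokens never need a DTD; refuse them before parsing.
    if "<!DOCTYPE" in token_xml or "<!ENTITY" in token_xml:
        raise ValueError("DTDs are not allowed in security tokens")
    root = ET.fromstring(token_xml)
    if root.tag == f"{{{SAML11}}}Assertion":
        issuer = root.get("Issuer")                     # SAML 1.1: attribute
    elif root.tag == f"{{{SAML20}}}Assertion":
        issuer = root.findtext(f"{{{SAML20}}}Issuer")   # SAML 2.0: child element
    else:
        raise ValueError(f"unexpected token root element: {root.tag}")
    if not issuer or not issuer.strip():
        raise ValueError("token carries no Issuer")
    return issuer.strip()


def classify_issuer(token_xml: str, allow_self_issued: bool = False) -> str:
    """Exact-match the Issuer against policy; no prefix or substring matching."""
    issuer = extract_issuer(token_xml)
    if issuer == SELF_ISSUED:
        return "self-issued" if allow_self_issued else "rejected"
    return "trusted" if issuer in TRUSTED_ISSUERS else "rejected"


# Constructed sample tokens (signature and claims omitted for brevity).
MANAGED = (f'<saml:Assertion xmlns:saml="{SAML11}" MajorVersion="1" '
           'MinorVersion="1" Issuer="https://idp.example.com/sts"/>')
UNKNOWN = (f'<saml:Assertion xmlns:saml="{SAML11}" MajorVersion="1" '
           'MinorVersion="1" Issuer="https://other.example.net/sts"/>')
SELF = (f'<saml:Assertion xmlns:saml="{SAML11}" MajorVersion="1" '
        f'MinorVersion="1" Issuer="{SELF_ISSUED}"/>')

if __name__ == "__main__":
    for name, tok in [("managed", MANAGED), ("unknown", UNKNOWN), ("self", SELF)]:
        print(name, extract_issuer(tok), classify_issuer(tok))
```

The Issuer value is only as trustworthy as the signature over the assertion, so this check belongs after signature validation against the key bound to that issuer.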