By Rohan Pinto on Nov 04, 2006
- The browser InfoCard support code invokes the InfoCard identity selector, passing it parameter values supplied by the InfoCard HTML tag supplied by the site.
- The user then uses the identity selector to choose an InfoCard, which represents a digital identity that can be used to authenticate at that site.
- The Identity Selector uses the Identity Metasystem protocols to retrieve a security token representing the digital identity selected by the user from the STS at the identity provider for that identity.
- The browser should post the token obtained back to the web site using a HTTP(S)/POST.
- The web site validates the token, completing the user’s InfoCard-based authentication to the web site.
- Following authentication, the web site would typically then write a client-side browser cookie and redirect the browser back to the protected page.