UniqueID and PPIDhttp://blogs.msdn.com/b/vbertocci/archive/2007/01/15/uniqueid-and-ppid.aspx[edit: Caleb points out that I could be clearer in stating that using just the PPID for authenticating requests is truly a bad idea, and I have to agree. Language hardening in progress..] In short: When you register users by using their informationen-USTelligent Evolution Platform Developer Build (Build: 5.6.50428.7875)NoSSL sample: a class for checking signatures of tokens sent to the RP in clear HTTPhttp://blogs.msdn.com/b/vbertocci/archive/2007/01/15/uniqueid-and-ppid.aspx#7875879Sun, 24 Feb 2008 14:26:16 GMT91d46819-8472-40ad-a661-2c78acb4018c:7875879Noticias externas<p>In short: I show a simple class that checks the signature of self issued tokens sent on a normal HTTP</p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=7875879" width="1" height="1">NoSSL sample: a class for checking signatures of tokens sent to the RP in clear HTTPhttp://blogs.msdn.com/b/vbertocci/archive/2007/01/15/uniqueid-and-ppid.aspx#7875632Sun, 24 Feb 2008 14:07:22 GMT91d46819-8472-40ad-a661-2c78acb4018c:7875632Vibro.NET<p>In short: I show a simple class that checks the signature of self issued tokens sent on a normal HTTP</p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=7875632" width="1" height="1">Certificates, Information Cards, PPIDs and misconceptions.http://blogs.msdn.com/b/vbertocci/archive/2007/01/15/uniqueid-and-ppid.aspx#7385778Sat, 02 Feb 2008 12:48:11 GMT91d46819-8472-40ad-a661-2c78acb4018c:7385778idunno.org<p>Certificates, Information Cards, PPIDs and misconceptions.</p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=7385778" width="1" height="1">On the idea of Portable STS (P-STS)http://blogs.msdn.com/b/vbertocci/archive/2007/01/15/uniqueid-and-ppid.aspx#7281511Mon, 28 Jan 2008 09:52:24 GMT91d46819-8472-40ad-a661-2c78acb4018c:7281511Vibro.NET<p>Already Sunday evening. It was a weird weekend, partially spent under the influx of powerful pain killers</p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=7281511" width="1" height="1">Windows CardSpace will work without HTTPS, toohttp://blogs.msdn.com/b/vbertocci/archive/2007/01/15/uniqueid-and-ppid.aspx#5115990Tue, 25 Sep 2007 11:09:55 GMT91d46819-8472-40ad-a661-2c78acb4018c:5115990 Vibro.NET<p>In short: I discuss a new feature, introduced by the .NET framework 3.5 and by a (future) update of IE,</p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=5115990" width="1" height="1">CardSpace, PPID, Security, Javascript Hijackinghttp://blogs.msdn.com/b/vbertocci/archive/2007/01/15/uniqueid-and-ppid.aspx#2017982Tue, 03 Apr 2007 15:51:13 GMT91d46819-8472-40ad-a661-2c78acb4018c:2017982Mike Taulty's Blog<p>I was on my way up to Glasgow today to talk at an MSDN event about Framework V3.0 and it meant that I...</p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=2017982" width="1" height="1">re: UniqueID and PPIDhttp://blogs.msdn.com/b/vbertocci/archive/2007/01/15/uniqueid-and-ppid.aspx#1548118Sun, 28 Jan 2007 23:31:01 GMT91d46819-8472-40ad-a661-2c78acb4018c:1548118Garrett Serack, MSFT<p>I have finally posted my PPID information.</p> <p><a rel="nofollow" target="_new" href="http://www.fearthecowboy.com/2007/01/me-and-my-ppid-can-i-rely-on-it.html">http://www.fearthecowboy.com/2007/01/me-and-my-ppid-can-i-rely-on-it.html</a></p> <p>Garrett Serack | CardSpace Community PM | f e a r t h e c o w b o y </p> <p>blog: <a rel="nofollow" target="_new" href="http://fearthecowboy.com">http://fearthecowboy.com</a></p> <div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=1548118" width="1" height="1">UniqueID maintenance in the storehttp://blogs.msdn.com/b/vbertocci/archive/2007/01/15/uniqueid-and-ppid.aspx#1484524Wed, 17 Jan 2007 21:37:13 GMT91d46819-8472-40ad-a661-2c78acb4018c:1484524Vibro.NET<p>The comments to my blog stopped working. I am working on it, but in the meanwhile here there's the answer</p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=1484524" width="1" height="1">re: UniqueID and PPIDhttp://blogs.msdn.com/b/vbertocci/archive/2007/01/15/uniqueid-and-ppid.aspx#1470762Mon, 15 Jan 2007 14:55:29 GMT91d46819-8472-40ad-a661-2c78acb4018c:1470762Matt Ellis<p>Hi Vittorio.</p> <p>I'm wondering what happens if the IP's cert changes (perhaps the private key is compromised)? With a bit of co-ordination, you can update your copy of their public key, so you can still verify incoming tokens, but would the unique id now be incorrect? Is this even a situation that can happen?</p> <p>Cheers!</p> <p>Matt</p><div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=1470762" width="1" height="1">