An experiment with my new tablet device
The screencast (with no audio) shows the flow of a Concordia use case showing a SAML domain connected to an Infocard domain - a user authenticating with a managed card followed by SAML-based SSO. The hybrid Infocard RP/SAML IDP in the middle is the glue.
The interesting piece of the scenario (to be demoed at RSA in April) is determining how 'authentication policy' can persist across the domain boundaries - mapping from SAML's authentication context mechanisms to comparable support in WS-Trust & the card selectors.
Please note the festive colours.