From short investigation and a lot of information from Richard Turner's screencasts
Here is what I get. To make my ASP.NET app I need:
- Write ASP.NET server side code to validate the token that holds end user's data, further processing might include checking against membership provider - CardSpace Simple Demo screencast on Channel9
- Add client script code to specify CardSpace object and its properties, like required claims. This will trigger CardSpace UI to show up for the end user - CardSpace Simple Demo screencast on Channel9
- Configure IIS to require SSL connection - New Screencast: How to configure IIS7 for Windows CardSpace sites
- Give application pool account read access to private key for the server cert that actually gives SSL support. This is needed for decrypting the XML token in the server code for its further deserialization - Secure your private keys more easily with Vista
I got it right? Forgetting something?