moving missing WCF assembly (mono-only one).

svn path=/trunk/mcs/; revision=134063

30 files changed, 2421 insertions, 0 deletions

diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/Assembly/AssemblyInfo.cs b/mcs/class/Mono.ServiceModel.IdentitySelectors/Assembly/AssemblyInfo.cs
new file mode 100644
index 00000000000..a1531139e48
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/Assembly/AssemblyInfo.cs
@@ -0,0 +1,59 @@
+//
+// AssemblyInfo.cs
+//
+// Author:
+//   Andreas Nahr (ClassDevelopment@A-SoftTech.com)
+//
+// (C) 2003 Ximian, Inc.  http://www.ximian.com
+//
+
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+using System;
+using System.Reflection;
+using System.Resources;
+using System.Security;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about the System.ServiceModel assembly
+
+[assembly: AssemblyVersion (Consts.FxVersion)]
+[assembly: SatelliteContractVersion (Consts.FxVersion)]
+
+[assembly: AssemblyTitle ("Mono.ServiceModel.IdentitySelectors.dll")]
+[assembly: AssemblyDescription ("Mono.ServiceModel.IdentitySelectors.dll")]
+[assembly: AssemblyConfiguration ("Development version")]
+[assembly: AssemblyCompany ("MONO development team")]
+[assembly: AssemblyProduct ("MONO CLI")]
+[assembly: AssemblyCopyright ("(c) 2003 Various Authors")]
+[assembly: AssemblyTrademark ("")]
+
+[assembly: CLSCompliant (true)]
+[assembly: AssemblyDefaultAlias ("Mono.ServiceModel.IdentitySelectors.dll")]
+[assembly: AssemblyInformationalVersion ("0.0.0.1")]
+[assembly: NeutralResourcesLanguage ("en-US")]
+
+[assembly: ComVisible (false)]
+
+[assembly: AssemblyDelaySign (true)]
+[assembly: AssemblyKeyFile("../mono.pub")]
diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/Assembly/ChangeLog b/mcs/class/Mono.ServiceModel.IdentitySelectors/Assembly/ChangeLog
new file mode 100644
index 00000000000..8e2f817e643
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/Assembly/ChangeLog
@@ -0,0 +1,3 @@
+2007-04-18  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* AssemblyInfo.cs : initial commit.
diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/ChangeLog b/mcs/class/Mono.ServiceModel.IdentitySelectors/ChangeLog
new file mode 100644
index 00000000000..621dcd554a8
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/ChangeLog
@@ -0,0 +1,6 @@
+2007-04-18  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* Mono.ServiceModel.IdentitySelectors.dll.sources,
+	  Mono.ServiceModel.IdentitySelectors_test.dll.sources,
+	  Makefile : initial commit.
+
diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/Makefile b/mcs/class/Mono.ServiceModel.IdentitySelectors/Makefile
new file mode 100644
index 00000000000..85e800a7d66
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/Makefile
@@ -0,0 +1,44 @@
+thisdir = class/Mono.ServiceModel.IdentitySelectors
+SUBDIRS = 
+include ../../build/rules.make
+
+RESOURCE_FILES = \
+		resources/schemas-xmlsoap-or-ws-2005-05-identity.rnc
+
+LIBRARY = Mono.ServiceModel.IdentitySelectors.dll
+LIB_MCS_FLAGS = \
+		/nowarn:414,169,67,3005,436 \
+		/unsafe \
+	        /r:System.dll \
+	        /r:System.Xml.dll \
+	        /r:System.Configuration.dll \
+	        /r:../lib/net_3_0/System.Runtime.Serialization.dll \
+	        /r:System.Security.dll \
+	        /r:../lib/net_3_0/System.IdentityModel.dll \
+		/r:../lib/net_3_0/System.IdentityModel.Selectors.dll \
+	        /r:../lib/net_3_0/System.ServiceModel.dll \
+	        /r:System.Transactions.dll \
+	        /r:System.Web.dll \
+		/r:System.Web.Services.dll \
+		/r:Mono.Security.dll \
+		$(RESOURCE_FILES:%=/resource:%)
+
+TEST_MCS_FLAGS = $(LIB_MCS_FLAGS)
+
+TEST_EXT_RESOURCES = \
+		Test/resources/managed.xml \
+		Test/resources/rupert.crds \
+		Test/resources/rupert.xml
+
+EXTRA_DISTFILES = $(RESOURCE_FILES) $(TEST_EXT_REOURCES)
+
+# This is a WinFX only assembly
+VALID_PROFILE := $(filter net_3_0, $(PROFILE))
+ifndef VALID_PROFILE
+LIBRARY_NAME = dummy-Mono.ServiceModel.IdentitySelectors.dll
+NO_INSTALL = yes
+NO_SIGN_ASSEMBLY = yes
+NO_TEST = yes
+endif
+
+include ../../build/library.make
diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors.Win32/AsymmetricProofTokenSecurityKey.cs b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors.Win32/AsymmetricProofTokenSecurityKey.cs
new file mode 100644
index 00000000000..4293f2ddacb
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors.Win32/AsymmetricProofTokenSecurityKey.cs
@@ -0,0 +1,110 @@
+//
+// AsymmetricProofTokenSecurityKey.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2007 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+using System.Collections.ObjectModel;
+using System.IdentityModel.Tokens;
+using System.Runtime.InteropServices;
+using System.Security.Cryptography;
+using System.Xml;
+
+namespace Mono.ServiceModel.IdentitySelectors.Win32
+{
+	class AsymmetricProofTokenSecurityKey : AsymmetricSecurityKey, IDisposable
+	{
+		NativeAsymmetricCryptoParameters parameters;
+		NativeInfocardCryptoHandle handle;
+
+		public AsymmetricProofTokenSecurityKey (NativeAsymmetricCryptoParameters parameters, NativeInfocardCryptoHandle handle)
+		{
+			this.parameters = parameters;
+			this.handle = handle;
+		}
+
+		void IDisposable.Dispose ()
+		{
+			CloseCryptoHandle (handle);
+		}
+
+		public override AsymmetricAlgorithm GetAsymmetricAlgorithm (string algorithm, bool privateKey)
+		{
+			throw new NotImplementedException ();
+		}
+
+		public override HashAlgorithm GetHashAlgorithmForSignature (string algorithm)
+		{
+			throw new NotImplementedException ();
+		}
+
+		public override AsymmetricSignatureFormatter GetSignatureFormatter (string algorithm)
+		{
+			throw new NotImplementedException ();
+		}
+
+		public override AsymmetricSignatureDeformatter GetSignatureDeformatter (string algorithm)
+		{
+			throw new NotImplementedException ();
+		}
+
+		public override byte [] DecryptKey (string algorithm, byte [] input)
+		{
+			throw new NotImplementedException ();
+		}
+
+		public override byte [] EncryptKey (string algorithm, byte [] input)
+		{
+			throw new NotImplementedException ();
+		}
+
+		public override bool IsAsymmetricAlgorithm (string algorithm)
+		{
+			throw new NotImplementedException ();
+		}
+
+		public override bool IsSymmetricAlgorithm (string algorithm)
+		{
+			throw new NotImplementedException ();
+		}
+
+		public override bool IsSupportedAlgorithm (string algorithm)
+		{
+			throw new NotImplementedException ();
+		}
+
+		public override bool HasPrivateKey ()
+		{
+			return true;
+		}
+
+		public override int KeySize {
+			get { return parameters.KeySize; }
+		}
+
+		[DllImport ("cardspaceapi")]
+		static extern void CloseCryptoHandle (NativeInfocardCryptoHandle handle);
+	}
+}
diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors.Win32/CardSelectorClientWin32.cs b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors.Win32/CardSelectorClientWin32.cs
new file mode 100644
index 00000000000..ef697135692
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors.Win32/CardSelectorClientWin32.cs
@@ -0,0 +1,175 @@
+//
+// CardSelectorClientWin32.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2007 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.IO;
+using System.IdentityModel.Claims;
+using System.IdentityModel.Policy;
+using System.IdentityModel.Selectors;
+using System.IdentityModel.Tokens;
+using System.Runtime.InteropServices;
+using System.Xml;
+
+namespace Mono.ServiceModel.IdentitySelectors.Win32
+{
+	public class CardSelectorClientWin32 : CardSelectorClient
+	{
+		public override void Manage ()
+		{
+			ManageCardSpace ();
+		}
+
+		public override void Import (string fileName)
+		{
+			ImportInformationCard (fileName);
+		}
+
+		public override GenericXmlSecurityToken GetToken (
+			CardSpacePolicyElement [] policyChain,
+			SecurityTokenSerializer serializer)
+		{
+			NativeGenericXmlToken token;
+			NativeInfocardCryptoHandle proof;
+			NativePolicyElement [] natives =
+				new NativePolicyElement [policyChain.Length];
+			for (int i = 0; i < policyChain.Length; i++)
+				natives [i] = new NativePolicyElement (
+					policyChain [i].Target,
+					policyChain [i].Issuer,
+					policyChain [i].Parameters,
+					policyChain [i].PolicyNoticeLink,
+					policyChain [i].PolicyNoticeVersion,
+					policyChain [i].IsManagedIssuer);
+
+			int hresult = GetToken (policyChain.Length, natives, out token, out proof);
+			NativeGetTokenResults ret = (NativeGetTokenResults) (hresult & 0xCFFFFFFF);
+			switch (ret) {
+			case NativeGetTokenResults.OK:
+				return token.ToObject (proof, serializer);
+			case NativeGetTokenResults.UserCancelled:
+				throw new UserCancellationException ();
+			case NativeGetTokenResults.InvalidPolicy:
+				throw new PolicyValidationException ();
+			case NativeGetTokenResults.ServiceBusy:
+				throw new ServiceBusyException ();
+			case NativeGetTokenResults.ServiceUnavailable:
+				throw new ServiceNotStartedException ();
+			case NativeGetTokenResults.IdentityVerificationFailed:
+			case NativeGetTokenResults.InvalidDecryptionKey:
+				throw new IdentityValidationException ();
+			case NativeGetTokenResults.ErrorOnCommunication:
+				throw new StsCommunicationException ();
+			case NativeGetTokenResults.UntrustedRecipient:
+				throw new UntrustedRecipientException ();
+			case NativeGetTokenResults.UnsupportedPolicy:
+				throw new UnsupportedPolicyOptionsException ();
+			case NativeGetTokenResults.ErrorOnDataAccess:
+			case NativeGetTokenResults.ErrorOnExport:
+			case NativeGetTokenResults.ErrorOnImport:
+			case NativeGetTokenResults.InvalidArgument:
+			case NativeGetTokenResults.ErrorInRequest:
+			case NativeGetTokenResults.ErrorInCardData:
+			case NativeGetTokenResults.InvalidCertificateLogo:
+			case NativeGetTokenResults.InvalidPassword:
+			case NativeGetTokenResults.ProcessDied:
+			case NativeGetTokenResults.Shuttingdown:
+			case NativeGetTokenResults.ErrorOnTokenCreation:
+			case NativeGetTokenResults.TrustExchangeFailure:
+			case NativeGetTokenResults.ErrorOnStoreImport:
+			case NativeGetTokenResults.UIStartFailure:
+			case NativeGetTokenResults.MaxSession:
+			case NativeGetTokenResults.ImportFileAccessFailure:
+			case NativeGetTokenResults.MalformedRequest:
+			case NativeGetTokenResults.RefreshRequired:
+			case NativeGetTokenResults.MissingAppliesTo:
+			case NativeGetTokenResults.UnknownReference:
+			case NativeGetTokenResults.InvalidProofKey:
+			case NativeGetTokenResults.ClaimsNotProvided:
+			default:
+				throw CardspaceError (ret);
+			}
+		}
+
+		static Exception CardspaceError (NativeGetTokenResults error)
+		{
+			switch (error) {
+			default:
+				throw new CardSpaceException (String.Format ("identity selector returned an error: {0:X}", error));
+			}
+		}
+
+		[DllImport ("infocardapi", CharSet = CharSet.Unicode)]
+		static extern int GetToken (int cPolicyChain,
+			NativePolicyElement [] pPolicyChain,
+			out NativeGenericXmlToken securityToken,
+			out NativeInfocardCryptoHandle phProofTokenCrypto);
+
+		[DllImport ("infocardapi")]
+		static extern void ManageCardSpace ();
+
+		[DllImport ("infocardapi", CharSet = CharSet.Unicode)]
+		static extern void ImportInformationCard (string fileName);
+
+		enum NativeGetTokenResults : long
+		{
+			OK = 0,
+			ErrorOnCommunication		= 0xC0050100,
+			ErrorOnDataAccess		= 0xC0050101,
+			ErrorOnExport			= 0xC0050102,
+			IdentityVerificationFailed	= 0xC0050103,
+			ErrorOnImport			= 0xC0050104,
+			InvalidArgument			= 0xC0050105,
+			ErrorInRequest			= 0xC0050106,
+			ErrorInCardData			= 0xC0050107,
+			InvalidDecryptionKey		= 0xC0050108,
+			InvalidCertificateLogo		= 0xC0050109,
+			InvalidPassword			= 0xC005010A,
+			InvalidPolicy			= 0xC005010B,
+			ProcessDied			= 0xC005010C,
+			ServiceBusy			= 0xC005010D,
+			ServiceUnavailable		= 0xC005010E,
+			Shuttingdown			= 0xC005010F,
+			ErrorOnTokenCreation		= 0xC0050110,
+			TrustExchangeFailure		= 0xC0050111,
+			UntrustedRecipient		= 0xC0050112,
+			UserCancelled			= 0xC0050113,
+			ErrorOnStoreImport		= 0xC0050114,
+			UIStartFailure			= 0xC0050115,
+			UnsupportedPolicy		= 0xC0050116,
+			MaxSession			= 0xC0050117,
+			ImportFileAccessFailure		= 0xC0050118,
+			MalformedRequest		= 0xC0050119,
+			RefreshRequired			= 0xC0050180,
+			MissingAppliesTo		= 0xC0050181,
+			InvalidProofKey			= 0xC0050182,
+			UnknownReference		= 0xC0050183,
+			ClaimsNotProvided		= 0xC0050184,
+		}
+	}
+}
diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors.Win32/CardSpaceProofToken.cs b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors.Win32/CardSpaceProofToken.cs
new file mode 100644
index 00000000000..dcb92646ddf
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors.Win32/CardSpaceProofToken.cs
@@ -0,0 +1,63 @@
+//
+// CardSpaceProofToken.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2007 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+using System.Collections.ObjectModel;
+using System.IdentityModel.Tokens;
+using System.Runtime.InteropServices;
+using System.Xml;
+
+namespace Mono.ServiceModel.IdentitySelectors.Win32
+{
+	class CardSpaceProofToken : SecurityToken
+	{
+		DateTime valid_to;
+		ReadOnlyCollection<SecurityKey> keys;
+
+		public CardSpaceProofToken (DateTime validTo, AsymmetricSecurityKey proofKey)
+		{
+			valid_to = validTo;
+			keys = new ReadOnlyCollection<SecurityKey> (new SecurityKey [] {proofKey});
+		}
+
+		public override DateTime ValidFrom {
+			get { return DateTime.MinValue.ToUniversalTime (); }
+		}
+
+		public override DateTime ValidTo {
+			get { return valid_to; }
+		}
+
+		public override string Id {
+			get { throw new NotImplementedException (); }
+		}
+
+		public override ReadOnlyCollection<SecurityKey> SecurityKeys {
+			get { return keys; }
+		}
+	}
+}
diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors.Win32/ChangeLog b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors.Win32/ChangeLog
new file mode 100644
index 00000000000..40a2295a0aa
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors.Win32/ChangeLog
@@ -0,0 +1,11 @@
+2007-04-18  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* CardSelectorClientWin32.cs :
+	  almost identical to former CardSpaceSelector.cs in S.IM.S.dll.
+	* CardSpaceProofToken.cs
+	  NativePolicyElement.cs
+	  NativeGenericXmlToken.cs
+	  AsymmetricProofTokenSecurityKey.cs
+	  NativeInfocardCryptoHandle.cs
+	  NativeInfocardHandleType.cs : moved from S.IM.S.dll.
+
diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors.Win32/NativeGenericXmlToken.cs b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors.Win32/NativeGenericXmlToken.cs
new file mode 100644
index 00000000000..40a1a2a2db1
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors.Win32/NativeGenericXmlToken.cs
@@ -0,0 +1,99 @@
+//
+// NativeGenericXmlToken.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2007 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+using System.Collections.ObjectModel;
+using System.IO;
+using System.IdentityModel.Selectors;
+using System.IdentityModel.Tokens;
+using System.Runtime.InteropServices;
+using System.Xml;
+
+namespace Mono.ServiceModel.IdentitySelectors.Win32
+{
+	[StructLayout (LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+	class NativeGenericXmlToken : IDisposable
+	{
+		// This field order must be fixed for win32 API interop:
+		long created;
+		long expired;
+		string xml_token;
+		string internal_ref;
+		string external_ref;
+
+		public NativeGenericXmlToken (GenericXmlSecurityToken token, SecurityTokenSerializer serializer)
+		{
+			created = token.ValidFrom.ToFileTime ();
+			expired = token.ValidTo.ToFileTime ();
+			xml_token = token.TokenXml.OuterXml;
+			XmlWriterSettings settings = new XmlWriterSettings ();
+			settings.OmitXmlDeclaration = true;
+			internal_ref = GetKeyIdentifierClauseXml (serializer, settings, token.InternalTokenReference);
+			external_ref = GetKeyIdentifierClauseXml (serializer, settings, token.ExternalTokenReference);
+		}
+
+		void IDisposable.Dispose ()
+		{
+			FreeToken (this);
+		}
+
+		public static string GetKeyIdentifierClauseXml (SecurityTokenSerializer serializer, XmlWriterSettings settings, SecurityKeyIdentifierClause item)
+		{
+			StringWriter sw = new StringWriter ();
+			using (XmlWriter xw = XmlWriter.Create (sw)) {
+				serializer.WriteKeyIdentifierClause (xw, item);
+			}
+			return sw.ToString ();
+		}
+
+		public GenericXmlSecurityToken ToObject (NativeInfocardCryptoHandle proofTokenHandle, SecurityTokenSerializer serializer)
+		{
+			XmlDocument doc = new XmlDocument ();
+			doc.LoadXml (xml_token);
+			XmlElement token = doc.DocumentElement;
+			SecurityToken proof = new CardSpaceProofToken (DateTime.FromFileTime (proofTokenHandle.Expiration), proofTokenHandle.GetAsymmetricKey ());
+
+			DateTime effective = DateTime.FromFileTime (created);
+			DateTime expiration = DateTime.FromFileTime (expired);
+
+			SecurityKeyIdentifierClause intref =
+				serializer.ReadKeyIdentifierClause (Create (internal_ref));
+			SecurityKeyIdentifierClause extref =
+				serializer.ReadKeyIdentifierClause (Create (external_ref));
+			return new GenericXmlSecurityToken (token, proof, effective, expiration, intref, extref, null);
+		}
+
+		XmlDictionaryReader Create (string xml)
+		{
+			XmlReader xr = XmlReader.Create (new StringReader (xml));
+			return XmlDictionaryReader.CreateDictionaryReader (xr);
+		}
+
+		[DllImport ("infocardapi")]
+		static extern void FreeToken (NativeGenericXmlToken token);
+	}
+}
diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors.Win32/NativeInfocardCryptoHandle.cs b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors.Win32/NativeInfocardCryptoHandle.cs
new file mode 100644
index 00000000000..317a798eb2f
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors.Win32/NativeInfocardCryptoHandle.cs
@@ -0,0 +1,107 @@
+//
+// NativeInfocardCryptoHandle.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2007 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+using System.Collections.ObjectModel;
+using System.IdentityModel.Tokens;
+using System.Runtime.InteropServices;
+using System.Xml;
+
+namespace Mono.ServiceModel.IdentitySelectors.Win32
+{
+	// see http://msdn2.microsoft.com/en-us/library/aa702727.aspx
+
+	[StructLayout (LayoutKind.Sequential)]
+	class NativeInfocardCryptoHandle
+	{
+		// This field order must be fixed for win32 API interop:
+		NativeInfocardHandleType handle_type;
+		long expiration;
+		IntPtr parameters;
+
+		public long Expiration {
+			get { return expiration; }
+		}
+
+		public AsymmetricSecurityKey GetAsymmetricKey ()
+		{
+			switch (handle_type) {
+			case NativeInfocardHandleType.Asymmetric:
+				NativeAsymmetricCryptoParameters a = (NativeAsymmetricCryptoParameters) Marshal.PtrToStructure (parameters, typeof (NativeAsymmetricCryptoParameters));
+				return new AsymmetricProofTokenSecurityKey (a, this);
+			}
+			throw new NotImplementedException ();
+		}
+	}
+
+	[StructLayout (LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+	struct NativeAsymmetricCryptoParameters
+	{
+		int key_size;
+		string encalg;
+		string sigalg;
+
+		public int KeySize {
+			get { return key_size; }
+		}
+
+		public string EncryptionAlgorithm {
+			get { return encalg; }
+		}
+
+		public string SignatureAlgorithm {
+			get { return sigalg; }
+		}
+	}
+
+#pragma warning disable 169
+	[StructLayout (LayoutKind.Sequential)]
+	struct NativeSymmetricCryptoParameters
+	{
+		int key_size;
+		int block_size;
+		int feedback_size;
+	}
+
+	[StructLayout (LayoutKind.Sequential)]
+	struct NativeTransformCryptoParameters
+	{
+		int input_block_size;
+		int output_block_size;
+		bool multi_block_supported;
+		bool reusable;
+	}
+
+	[StructLayout (LayoutKind.Sequential)]
+	struct NativeHashCryptoParameters
+	{
+		int hash_size;
+		NativeTransformCryptoParameters transform;
+	}
+
+#pragma warning restore 169
+}
diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors.Win32/NativeInfocardHandleType.cs b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors.Win32/NativeInfocardHandleType.cs
new file mode 100644
index 00000000000..4f56f5ebf2a
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors.Win32/NativeInfocardHandleType.cs
@@ -0,0 +1,38 @@
+//
+// NativeInfocardHandleType.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2007 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+namespace Mono.ServiceModel.IdentitySelectors.Win32
+{
+	enum NativeInfocardHandleType
+	{
+		Asymmetric = 1,
+		Symmetric,
+		Transform,
+		Hash
+	}
+}
diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors.Win32/NativePolicyElement.cs b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors.Win32/NativePolicyElement.cs
new file mode 100644
index 00000000000..30987cb18e6
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors.Win32/NativePolicyElement.cs
@@ -0,0 +1,71 @@
+//
+// NativePolicyElement.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2007 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+#pragma warning disable 414
+using System;
+using System.Collections.ObjectModel;
+using System.Runtime.InteropServices;
+using System.Xml;
+
+namespace Mono.ServiceModel.IdentitySelectors.Win32
+{
+	// FIXME: it does not seem to marshal this object as expected ...
+	[StructLayout (LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+	struct NativePolicyElement
+	{
+		// This field order must be fixed for win32 API interop:
+		string target;
+		string issuer;
+		string parameters;
+		string policy_link;
+		int policy_ver;
+		bool is_managed;
+
+		public NativePolicyElement (
+			XmlElement target, XmlElement issuer,
+			Collection<XmlElement> parameters,
+			Uri policyNoticeLink,
+			int policyNoticeVersion,
+			bool isManagedIssuer)
+		{
+			if (target == null)
+				throw new ArgumentException ("target");
+			if (parameters == null)
+				throw new ArgumentException ("parameters");
+			this.target = target.OuterXml;
+			this.issuer = issuer != null ? issuer.OuterXml : null;
+			this.parameters = null;
+			foreach (XmlElement el in parameters)
+				this.parameters += el.OuterXml;
+			this.policy_link = policyNoticeLink != null ? policyNoticeLink.ToString () : null;
+			policy_ver = policyNoticeVersion;
+			is_managed = isManagedIssuer;
+		}
+	}
+}
+#pragma warning restore
diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors.dll.sources b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors.dll.sources
new file mode 100644
index 00000000000..283b0b7f4ef
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors.dll.sources
@@ -0,0 +1,17 @@
+../../build/common/Consts.cs
+../../build/common/Locale.cs
+../../build/common/MonoTODOAttribute.cs
+Assembly/AssemblyInfo.cs
+Mono.ServiceModel.IdentitySelectors.Win32/AsymmetricProofTokenSecurityKey.cs
+Mono.ServiceModel.IdentitySelectors.Win32/CardSelectorClientWin32.cs
+Mono.ServiceModel.IdentitySelectors.Win32/CardSpaceProofToken.cs
+Mono.ServiceModel.IdentitySelectors.Win32/NativeGenericXmlToken.cs
+Mono.ServiceModel.IdentitySelectors.Win32/NativeInfocardCryptoHandle.cs
+Mono.ServiceModel.IdentitySelectors.Win32/NativeInfocardHandleType.cs
+Mono.ServiceModel.IdentitySelectors.Win32/NativePolicyElement.cs
+Mono.ServiceModel.IdentitySelectors/CardSelectionContext.cs
+Mono.ServiceModel.IdentitySelectors/CardSelectorClient.cs
+Mono.ServiceModel.IdentitySelectors/Constants.cs
+Mono.ServiceModel.IdentitySelectors/IdentityCard.cs
+Mono.ServiceModel.IdentitySelectors/IdentityCardEncryption.cs
+Mono.ServiceModel.IdentitySelectors/IdentityStore.cs
diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors/CardSelectionContext.cs b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors/CardSelectionContext.cs
new file mode 100644
index 00000000000..8121665df95
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors/CardSelectionContext.cs
@@ -0,0 +1,65 @@
+//
+// CardSelectionContext.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2007 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+using System.Collections.ObjectModel;
+using System.IdentityModel.Claims;
+using System.IdentityModel.Policy;
+using System.IdentityModel.Selectors;
+using System.IdentityModel.Tokens;
+using System.ServiceModel;
+using System.ServiceModel.Security.Tokens;
+using System.Xml;
+
+namespace Mono.ServiceModel.IdentitySelectors
+{
+	public class CardSelectionContext
+	{
+		EndpointAddress target;
+		EndpointAddress issuer;
+		Collection<ClaimTypeRequirement> requirements;
+		Collection<XmlElement> additional_parameters;
+		Uri policy_link;
+		int policy_ver;
+
+		public CardSelectionContext (
+			EndpointAddress target,
+			EndpointAddress issuer,
+			Collection<ClaimTypeRequirement> requirements,
+			Collection<XmlElement> additionalRequestParameters,
+			Uri policyNoticeLink,
+			int policyNoticeVersion)
+		{
+			this.target = target;
+			this.issuer = issuer;
+			this.requirements = requirements;
+			additional_parameters = additionalRequestParameters;
+			policy_link = policyNoticeLink;
+			policy_ver = policyNoticeVersion;
+		}
+	}
+}
diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors/CardSelectorClient.cs b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors/CardSelectorClient.cs
new file mode 100644
index 00000000000..e3828831bd9
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors/CardSelectorClient.cs
@@ -0,0 +1,207 @@
+//
+// CardSelectorClient.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2007 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+using System.Collections.Generic;
+using System.Collections.ObjectModel;
+using System.IO;
+using System.IdentityModel.Claims;
+using System.IdentityModel.Policy;
+using System.IdentityModel.Selectors;
+using System.IdentityModel.Tokens;
+using System.Security.Cryptography.X509Certificates;
+using System.ServiceModel;
+using System.ServiceModel.Security;
+using System.ServiceModel.Security.Tokens;
+using System.Xml;
+
+namespace Mono.ServiceModel.IdentitySelectors
+{
+	public abstract class CardSelectorClient
+	{
+		public abstract void Manage ();
+
+		#region Import
+
+		// This must be implemented unless Import() is overriden.
+		public virtual string ReceivePassword ()
+		{
+			throw new NotImplementedException ("Import is not implemented by this identity selector client");
+		}
+
+		public virtual void Import (string filename)
+		{
+			string password = ReceivePassword ();
+			if (password == null)
+				return;
+			IdentityCard card = ProcessImport (filename, password);
+			IdentityStore.GetDefaultStore ().StoreCard (card, password);
+		}
+
+		protected IdentityCard ProcessImport (string filename, string password)
+		{
+			string xml = new IdentityCardEncryption ().Decrypt (
+				new StreamReader (filename).ReadToEnd (), password);
+			IdentityCard card = new IdentityCard ();
+			card.Load (XmlReader.Create (new StringReader (xml)));
+			return card;
+		}
+
+		#endregion
+
+		// This is virtual since it might not be required when
+		// GetToken() is overriden.
+		public virtual IdentityCard SelectCardToSend (CardSelectionContext context)
+		{
+			throw new NotSupportedException ();
+		}
+
+		#region Default self-issued card processor
+		// They are used to indicate a service URL when there is no
+		// overriden behavior of RequestSelfIssuedToken().
+
+		string self_identity_issuer = Environment.GetEnvironmentVariable ("MONO_IDENTITY_SERVICE_URL") ?? "localhost:7450";
+		string self_identity_issuer_cert = Environment.GetEnvironmentVariable ("MONO_IDENTITY_SERVICE_CERTIFICATE");
+
+		public virtual string SelfIdentityIssuerUrl {
+			get { return self_identity_issuer; }
+		}
+
+		public virtual string SelfIdentityIssuerCertificate {
+			get { return self_identity_issuer_cert; }
+		}
+		#endregion
+
+		public virtual GenericXmlSecurityToken GetToken (
+			CardSpacePolicyElement [] policyChain,
+			SecurityTokenSerializer serializer)
+		{
+			// FIXME: sort out what is supposed to be done here.
+			foreach (CardSpacePolicyElement policy in policyChain)
+				return GetToken (policy.Target, policy.Issuer,
+					  policy.Parameters,
+					  policy.PolicyNoticeLink,
+					  policy.PolicyNoticeVersion);
+			throw new Exception ("INTERNAL ERROR: no policy to process");
+		}
+
+		GenericXmlSecurityToken GetToken (
+			XmlElement target, XmlElement issuer,
+			Collection<XmlElement> parameters,
+			Uri policyNoticeLink, int policyNoticeVersion)
+		{
+			Collection<ClaimTypeRequirement> reqs = new Collection<ClaimTypeRequirement> ();
+			Collection<XmlElement> alist = new Collection<XmlElement> ();
+			foreach (XmlElement el in parameters) {
+				if (el.LocalName == "Claims" && el.NamespaceURI == Constants.WstNamespace)
+					foreach (XmlElement c in el.ChildNodes)
+						reqs.Add (new ClaimTypeRequirement (c.GetAttribute ("Uri"), c.GetAttribute ("Optional") == "true"));
+				else
+					alist.Add (el);
+			}
+
+			CardSelectionContext ctx = new CardSelectionContext (
+				EndpointAddress.ReadFrom (XmlDictionaryReader.CreateDictionaryReader (new XmlNodeReader (target))),
+				EndpointAddress.ReadFrom (XmlDictionaryReader.CreateDictionaryReader (new XmlNodeReader (issuer))),
+				reqs,
+				alist,
+				policyNoticeLink,
+				policyNoticeVersion);
+
+			IdentityCard card = SelectCardToSend (ctx);
+
+			if (card.Issuer != null)
+				// process WS-Trust RST
+				return RequestTrustedToken (ctx, card);
+			else
+				return RequestSelfIssuedToken (ctx, card);
+		}
+
+		public virtual GenericXmlSecurityToken RequestTrustedToken (CardSelectionContext ctx, IdentityCard card)
+		{
+			X509Certificate2 cert = new X509Certificate2 (card.Certificate);
+			EndpointAddress issuer = new EndpointAddress (card.Issuer, new X509CertificateEndpointIdentity (cert));
+			return RequestToken (issuer, ctx);
+		}
+
+		public virtual GenericXmlSecurityToken RequestSelfIssuedToken (CardSelectionContext ctx, IdentityCard card)
+		{
+			Uri issuerUri = card.Issuer ?? new Uri (SelfIdentityIssuerUrl);
+			X509Certificate2 cert = new X509Certificate2 (SelfIdentityIssuerCertificate);
+			EndpointAddress issuer = new EndpointAddress (issuerUri, new X509CertificateEndpointIdentity (cert));
+			return RequestToken (issuer, ctx);
+		}
+
+		// This must be implemented unless other depending methods
+		// are overriden.
+		public virtual GenericXmlSecurityToken RequestToken (EndpointAddress issuer, CardSelectionContext ctx)
+		{
+			return null;
+		}
+
+		/* This will be used if we have to implement unmanaged foo.
+
+		public string GetToken (
+			string targetXml,
+			string issuerXml,
+			string claimTypeRequirementsXml,
+			string policyNoticeLink,
+			int policyNoticeVersion,
+			bool isManagedIssuer)
+		{
+			EndpointAddress target = EndpointAddress.ReadFrom (
+				XmlDictionaryReader.CreateDictionaryReader (
+					XmlReader.Create (new StringReader (targetXml))));
+			EndpointAddress issuer = isManagedIssuer ?EndpointAddress.ReadFrom (
+				XmlDictionaryReader.CreateDictionaryReader (
+					XmlReader.Create (new StringReader (issuerXml)))) : null;
+			XmlReaderSettings s = new XmlReaderSettings ();
+			s.ConformanceLevel = ConformanceLevel.Fragment;
+			Collection<ClaimTypeRequirement> reqs = new Collection<ClaimTypeRequirement> ();
+			Collection<XmlElement> parameters = new Collection<XmlElement> ();
+			XmlDictionaryReader dr = XmlDictionaryReader.CreateDictionaryReader (
+				XmlReader.Create (new StringReader (claimTypeRequirementsXml)));
+			XmlDocument doc = new XmlDocument ();
+			for (dr.MoveToContent (); !dr.EOF; dr.MoveToContent ()) {
+				XmlElement el = doc.ReadNode (dr) as XmlElement;
+				if (el.LocalName == "Claims" && el.NamespaceURI == Constants.WstNamespace)
+					foreach (XmlElement c in el.ChildNodes)
+						reqs.Add (new ClaimTypeRequirement (c.GetAttribute ("Uri"), c.GetAttribute ("Optional") == "true"));
+				else
+					parameters.Add (el);
+			}
+
+			GenericXmlSecurityToken token = GetToken (target, issuer, reqs, parameters, new Uri (policyNoticeLink), policyNoticeVersion);
+			StringWriter sw = new StringWriter ();
+			using (XmlWriter xw = XmlWriter.Create (sw)) {
+				WSSecurityTokenSerializer.DefaultInstance.WriteToken (xw, token);
+			}
+			return sw.ToString ();
+		}
+		*/
+	}
+}
diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors/ChangeLog b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors/ChangeLog
new file mode 100644
index 00000000000..b01e825dd18
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors/ChangeLog
@@ -0,0 +1,22 @@
+2007-04-27  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* IdentityCard.cs : TokenService contains UserCredential as well as
+	  EndpointAddress.
+
+2007-04-26  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* IdentityCardEncryption.cs, CardSelectorClient.cs :
+	  implemented store encryption. Changed the reader API a bit too.
+
+2007-04-25  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* IdentityCard.cs : implemented Save. It was rather xs:dateTime fixes.
+	* IdentityStore.cs, CardSelectorClient.cs : some store implementation.
+
+2007-04-18  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* CardSelectionContext.cs
+	  CardSelectorClient.cs
+	  Constants.cs
+	  IdentityCard.cs
+	  IdentityCardEncryption.cs : initial commit.
diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors/Constants.cs b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors/Constants.cs
new file mode 100644
index 00000000000..b78ea4a1ab3
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors/Constants.cs
@@ -0,0 +1,106 @@
+//
+// Constants.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2006 Novell, Inc (http://www.novell.com)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+
+
+namespace Mono.ServiceModel.IdentitySelectors
+{
+	internal class Constants
+	{
+		public const string WSA1 = "http://www.w3.org/2005/08/addressing";
+
+		public const string WSBasicSecurityProfileCore1 = "http://ws-i.org/profiles/basic-security/core/1.0";
+
+		public const string WsaAnonymousUri = "http://www.w3.org/2005/08/addressing/anonymous";
+		public const string WsaIdentityUri = "http://schemas.xmlsoap.org/ws/2006/02/addressingidentity";
+
+		public const string MSSerialization = "http://schemas.microsoft.com/2003/10/Serialization/";
+
+		public const string WssKeyIdentifierX509Thumbptint = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1";
+
+		public const string WssBase64BinaryEncodingType = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
+
+		public const string WssKeyIdentifierEncryptedKey = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1";
+
+		public const string XmlDsig = "http://www.w3.org/2000/09/xmldsig#";
+
+		public const string WSSSamlToken = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
+		public const string WSSX509Token = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
+		public const string WssKeyIdentifierSamlAssertion = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";
+		public const string WSSUserNameToken = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken";
+		public const string WsscContextToken = "http://schemas.xmlsoap.org/ws/2005/02/sc/sct";
+		public const string WSSKerberosToken = "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ";
+		public const string WSSEncryptedKeyToken = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey";
+
+		public const string WstNamespace = "http://schemas.xmlsoap.org/ws/2005/02/trust";
+		public const string WssNamespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
+		public const string Wss11Namespace = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
+		public const string WspNamespace = "http://schemas.xmlsoap.org/ws/2004/09/policy";
+		public const string WsaNamespace = "http://www.w3.org/2005/08/addressing";
+		public const string WsuNamespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
+		public const string WsscNamespace = "http://schemas.xmlsoap.org/ws/2005/02/sc";
+		public const string WsidNamespace = "http://schemas.xmlsoap.org/ws/2005/05/identity";
+
+		public const string WstIssueAction = "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue";
+		public const string WstRenewAction = "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew";
+		public const string WstCancelAction = "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Cancel";
+		public const string WstValidateAction = "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate";
+		public const string WstIssueReplyAction = "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue";
+		public const string WstRenewReplyAction = "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Renew";
+		public const string WstCancelReplyAction = "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Cancel";
+		public const string WstValidateReplyAction = "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Validate";
+
+		public const string WsscDefaultLabel = "WS-SecureConversationWS-SecureConversation";
+
+		// .NET BUG: it requires extra white space !
+		public const string WstBinaryExchangeValueTls = " http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego";
+		public const string WstBinaryExchangeValueGss = "http://schemas.xmlsoap.org/ws/2005/02/trust/spnego";
+
+		public const string MSTlsnegoTokenContent = "http://schemas.microsoft.com/ws/2006/05/security";
+
+		public const string WstTlsnegoProofTokenType = "http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap";
+		public const string WstSpnegoProofTokenType = "http://schemas.xmlsoap.org/2005/02/trust/spnego#TLS_Wrap";
+
+		public const string WstIssueRequest = "http://schemas.xmlsoap.org/ws/2005/02/trust/Issue";
+		public const string WstRenewRequest = "http://schemas.xmlsoap.org/ws/2005/02/trust/Renew";
+		public const string WstCancelRequest = "http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel";
+		public const string WstValidateRequest = "http://schemas.xmlsoap.org/ws/2005/02/trust/Validate";
+
+		public const string WstSymmetricKeyTypeUri = "http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey";
+		public const string WstAsymmetricKeyTypeUri = "http://schemas.xmlsoap.org/ws/2005/02/trust/AsymmetricKey";
+
+		public const string LifetimeFormat = "yyyy-MM-dd'T'HH:mm:ss.fffZ";
+
+		// Those OIDs except for Kerberos5 are described here:
+		// http://www.alvestrand.no/objectid/
+		// (searching web for those OIDs would give you pointers.)
+		public const string OidSpnego = "1.3.6.1.5.5.2";
+		public const string OidNtlmSsp = "1.3.6.1.4.1.311.2.2.10";
+		public const string OidKerberos5 = "1.2.840.48018.1.2.2";
+		public const string OidMIT = "1.2.840.113554.1.2.2";
+	}
+}
diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors/IdentityCard.cs b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors/IdentityCard.cs
new file mode 100644
index 00000000000..ab61ef112ad
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors/IdentityCard.cs
@@ -0,0 +1,448 @@
+//
+// IdentityCard.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2007 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+using System.Collections.ObjectModel;
+using System.Security.Cryptography.Xml;
+using System.ServiceModel;
+using System.ServiceModel.Channels;
+using System.Xml;
+using System.Xml.Schema;
+using System.Xml.Serialization;
+
+namespace Mono.ServiceModel.IdentitySelectors
+{
+	public class IdentityCard
+	{
+		public class ClaimTypeDefinition
+		{
+			public ClaimTypeDefinition (string uri, string tag, string description)
+			{
+				this.uri = uri;
+				this.tag = tag;
+				this.desc = description;
+			}
+
+			string uri, tag, desc;
+
+			public string Uri {
+				get { return uri; }
+			}
+
+			public string DisplayTag {
+				get { return tag; }
+			}
+
+			public string Description {
+				get { return desc; }
+			}
+		}
+
+		public class ClaimValue
+		{
+			public ClaimValue (string uri, string value)
+			{
+				this.uri = uri;
+				this.value = value;
+			}
+
+			string uri, value;
+
+			public string Uri {
+				get { return uri; }
+			}
+			public string Value {
+				get { return value; }
+			}
+		}
+
+		public class TokenService
+		{
+			EndpointAddress address;
+			UserCredential credential;
+
+			public EndpointAddress Address {
+				get { return address; }
+				set { address = value; }
+			}
+			
+			public UserCredential Credential {
+				get { return credential; }
+				set { credential = value; }
+			}
+
+			public void ReadXml (XmlReader reader)
+			{
+				// FIXME: do we need different versions?
+				address = EndpointAddress.ReadFrom (AddressingVersion.WSAddressing10, reader);
+				reader.MoveToContent ();
+				// FIXME: create custom serializer
+				credential = new XmlSerializer (typeof (UserCredential)).Deserialize (reader) as UserCredential;
+			}
+
+			public void WriteXml (XmlWriter writer)
+			{
+				address.WriteTo (AddressingVersion.WSAddressing10, writer);
+				// FIXME: create custom serializer
+				new XmlSerializer (typeof (UserCredential)).Serialize (writer, credential);
+			}
+		}
+
+		[XmlRoot ("UserCredential", Namespace = Constants.WsidNamespace)]
+		public class UserCredential
+		{
+			string hint;
+			UsernamePasswordCredential username;
+			X509V3Credential x509;
+
+			public string DisplayCredentialHint {
+				get { return hint; }
+				set { hint = value; }
+			}
+
+			public UsernamePasswordCredential Username {
+				get { return username; }
+				set { username = value; }
+			}
+
+			public X509V3Credential X509V3 {
+				get { return x509; }
+				set { x509 = value; }
+			}
+		}
+
+		public class UsernamePasswordCredential
+		{
+			string username;
+
+			public string Username {
+				get { return username; }
+				set { username = value; }
+			}
+
+			// password is not stored.
+		}
+
+		public class X509V3Credential : IXmlSerializable
+		{
+			KeyInfoX509Data data;
+
+			public KeyInfoX509Data X509Data {
+				get { return data; }
+				set { data = value; }
+			}
+
+			public void WriteXml (XmlWriter w)
+			{
+				if (data != null)
+					data.GetXml ().WriteTo (w);
+			}
+
+			public void ReadXml (XmlReader r)
+			{
+				r.MoveToContent ();
+				XmlDocument doc = new XmlDocument ();
+				data = new KeyInfoX509Data ();
+				data.LoadXml (doc.ReadNode (r) as XmlElement);
+			}
+
+			XmlSchema IXmlSerializable.GetSchema ()
+			{
+				return null;
+			}
+		}
+
+		const string date_format = "yyyy-MM-dd'T'HH:mm:ss.FFFFFFFZ";
+
+		byte [] certificate;
+
+		// metadata
+		string lang, id, version, name;
+		Uri issuer;
+		DateTime issued, expires;
+		string image_mime;
+		byte [] image;
+		Collection<TokenService> token_services =
+			new Collection<TokenService> ();
+		Collection<Uri> supported_token_types = new Collection<Uri> ();
+		Collection<ClaimTypeDefinition> supported_claim_types =
+			new Collection<ClaimTypeDefinition> ();
+		bool self_issued;
+		byte [] hash_salt;
+		DateTime last_updated;
+		string issuer_id, issuer_name;
+		int back_color;
+		// private data
+		byte [] master_key;
+		Collection<ClaimValue> claim_values =
+			new Collection<ClaimValue> ();
+
+		public string Id {
+			get { return id; }
+		}
+
+		public string Version {
+			get { return version; }
+		}
+
+		public string Name {
+			get { return name; }
+		}
+
+		public string Lang {
+			get { return lang; }
+		}
+
+		public Uri Issuer {
+			get { return issuer; }
+		}
+
+		public DateTime TimeIssued {
+			get { return issued; }
+		}
+
+		public DateTime TimeExpires {
+			get { return expires; }
+		}
+
+		public byte [] Certificate {
+			get { return certificate; }
+		}
+
+		public void Load (XmlReader xmlReader)
+		{
+			XmlDictionaryReader reader = XmlDictionaryReader.CreateDictionaryReader (xmlReader);
+
+			string ns = Constants.WsidNamespace;
+			reader.MoveToContent ();
+			reader.ReadStartElement ("RoamingStore", ns);
+			reader.MoveToContent ();
+			reader.ReadStartElement ("RoamingInformationCard", ns);
+			reader.MoveToContent ();
+			lang = reader.GetAttribute ("xml:lang");
+			// metadata
+			reader.ReadStartElement ("InformationCardMetaData", ns);
+			reader.MoveToContent ();
+			reader.ReadStartElement ("InformationCardReference", ns);
+			reader.MoveToContent ();
+			id = reader.ReadElementContentAsString ("CardId", ns);
+			reader.MoveToContent ();
+			version = reader.ReadElementContentAsString ("CardVersion", ns);
+			reader.MoveToContent ();
+			reader.ReadEndElement ();
+			reader.MoveToContent ();
+			name = reader.ReadElementContentAsString ("CardName", ns);
+			reader.MoveToContent ();
+			image_mime = reader.GetAttribute ("MimeType");
+			image = Convert.FromBase64String (
+				reader.ReadElementContentAsString ("CardImage", ns));
+			reader.MoveToContent ();
+			issuer = new Uri (
+				reader.ReadElementContentAsString ("Issuer", ns));
+			reader.MoveToContent ();
+			issued = XmlConvert.ToDateTime (
+				reader.ReadElementContentAsString ("TimeIssued", ns), XmlDateTimeSerializationMode.Utc);
+			reader.MoveToContent ();
+			expires = XmlConvert.ToDateTime (
+				reader.ReadElementContentAsString ("TimeExpires", ns), XmlDateTimeSerializationMode.Utc);
+			reader.MoveToContent ();
+			if (reader.IsStartElement ("TokenServiceList", ns)) {
+				reader.ReadStartElement ("TokenServiceList", ns);
+				reader.MoveToContent ();
+				for (reader.MoveToContent ();
+				     reader.NodeType == XmlNodeType.Element;
+				     reader.MoveToContent ()) {
+					reader.ReadStartElement ("TokenService", ns);
+					reader.MoveToContent ();
+					TokenService ts = new TokenService ();
+					ts.ReadXml (reader);
+					token_services.Add (ts);
+					reader.MoveToContent ();
+					reader.ReadEndElement ();
+				}
+				reader.ReadEndElement ();
+			}
+
+			reader.MoveToContent ();
+			reader.ReadStartElement ("SupportedTokenTypeList", ns);
+			for (reader.MoveToContent ();
+			     reader.NodeType == XmlNodeType.Element;
+			     reader.MoveToContent ())
+				supported_token_types.Add (new Uri (
+					reader.ReadElementContentAsString ("TokenType", Constants.WstNamespace)));
+			reader.ReadEndElement ();
+
+			reader.MoveToContent ();
+			reader.ReadStartElement ("SupportedClaimTypeList", ns);
+			for (reader.MoveToContent ();
+			     reader.NodeType == XmlNodeType.Element;
+			     reader.MoveToContent ()) {
+				string uri = reader.GetAttribute ("Uri");
+				reader.ReadStartElement ("SupportedClaimType", ns);
+				string tag = reader.ReadElementContentAsString ("DisplayTag", ns);
+				reader.MoveToContent ();
+				string desc = reader.ReadElementContentAsString ("Description", ns);
+				reader.MoveToContent ();
+				reader.ReadEndElement ();
+				supported_claim_types.Add (new ClaimTypeDefinition (uri, tag, desc));
+			}
+			reader.ReadEndElement ();
+
+			reader.MoveToContent ();
+			self_issued = reader.ReadElementContentAsBoolean ("IsSelfIssued", ns);
+			reader.MoveToContent ();
+			hash_salt = Convert.FromBase64String (
+				reader.ReadElementContentAsString ("HashSalt", ns));
+			reader.MoveToContent ();
+			last_updated = XmlConvert.ToDateTime (
+				reader.ReadElementContentAsString ("TimeLastUpdated", ns), XmlDateTimeSerializationMode.Utc);
+			reader.MoveToContent ();
+			issuer_id = reader.ReadElementContentAsString ("IssuerId", ns);
+			reader.MoveToContent ();
+			issuer_name = reader.ReadElementContentAsString ("IssuerName", ns);
+			reader.MoveToContent ();
+			back_color = reader.ReadElementContentAsInt ("BackgroundColor", ns);
+
+			reader.MoveToContent ();
+			reader.ReadEndElement (); // InformationCardMetaData
+
+			// private data
+			reader.MoveToContent ();
+			reader.ReadStartElement ("InformationCardPrivateData", ns);
+			reader.MoveToContent ();
+			master_key = Convert.FromBase64String (
+				reader.ReadElementContentAsString ("MasterKey", ns));
+			reader.MoveToContent ();
+			if (reader.IsStartElement ("ClaimValueList", ns)) {
+				reader.ReadStartElement ("ClaimValueList", ns);
+
+				reader.MoveToContent ();
+				for (reader.MoveToContent ();
+				     reader.NodeType == XmlNodeType.Element;
+				     reader.MoveToContent ()) {
+					string uri = reader.GetAttribute ("Uri");
+					reader.ReadStartElement ("ClaimValue", ns);
+					reader.MoveToContent ();
+					string value = reader.ReadElementContentAsString ("Value", ns);
+					reader.MoveToContent ();
+					reader.ReadEndElement ();
+					claim_values.Add (new ClaimValue (uri, value));
+				}
+				reader.ReadEndElement ();
+				reader.MoveToContent ();
+			}
+
+			reader.ReadEndElement (); // InformationCardPrivateData
+
+			reader.MoveToContent ();
+			reader.ReadEndElement ();
+			reader.MoveToContent ();
+			reader.ReadEndElement ();
+		}
+
+		public void Save (XmlWriter xmlWriter)
+		{
+			XmlDictionaryWriter writer = XmlDictionaryWriter.CreateDictionaryWriter (xmlWriter);
+
+			string ns = Constants.WsidNamespace;
+			writer.WriteStartElement ("RoamingStore", ns);
+			writer.WriteStartElement ("RoamingInformationCard", ns);
+			// metadata
+			writer.WriteStartElement ("InformationCardMetaData", ns);
+			writer.WriteAttributeString ("xml:lang", lang);
+			writer.WriteStartElement ("InformationCardReference", ns);
+			writer.WriteElementString ("CardId", ns, id);
+			writer.WriteElementString ("CardVersion", ns, version);
+			writer.WriteEndElement ();
+			writer.WriteElementString ("CardName", ns, name);
+			writer.WriteStartElement ("CardImage", ns);
+			writer.WriteAttributeString ("MimeType", image_mime);
+			writer.WriteString (Convert.ToBase64String (image));
+			writer.WriteEndElement ();
+			writer.WriteElementString ("Issuer", ns, issuer.ToString ());
+			writer.WriteElementString ("TimeIssued", ns, XmlConvert.ToString (issued, date_format));
+			writer.WriteElementString ("TimeExpires", ns, XmlConvert.ToString (expires, date_format));
+			if (token_services.Count > 0) {
+				
+				writer.WriteStartElement ("TokenServiceList", ns);
+				foreach (TokenService ts in token_services) {
+					writer.WriteStartElement ("TokenService", ns);
+					ts.WriteXml (writer);
+					writer.WriteEndElement ();
+				}
+				writer.WriteEndElement ();
+			}
+
+			writer.WriteStartElement ("SupportedTokenTypeList", ns);
+			foreach (Uri u in supported_token_types)
+				writer.WriteElementString ("TokenType", Constants.WstNamespace, u.ToString ());
+			writer.WriteEndElement ();
+
+			writer.WriteStartElement ("SupportedClaimTypeList", ns);
+			foreach (ClaimTypeDefinition cd in supported_claim_types) {
+				writer.WriteStartElement ("SupportedClaimType", ns);
+				writer.WriteAttributeString ("Uri", cd.Uri);
+				writer.WriteElementString ("DisplayTag", ns, cd.DisplayTag);
+				writer.WriteElementString ("Description", ns, cd.Description);
+				writer.WriteEndElement ();
+			}
+			writer.WriteEndElement ();
+
+			writer.WriteStartElement ("IsSelfIssued", ns);
+			writer.WriteString (XmlConvert.ToString (self_issued));
+			writer.WriteEndElement ();
+			writer.WriteStartElement ("HashSalt", ns);
+			writer.WriteString (Convert.ToBase64String (hash_salt));
+			writer.WriteEndElement ();
+			writer.WriteElementString ("TimeLastUpdated", ns, XmlConvert.ToString (last_updated, XmlDateTimeSerializationMode.Utc));
+			writer.WriteElementString ("IssuerId", ns, issuer_id);
+			writer.WriteElementString ("IssuerName", ns, issuer_name);
+			writer.WriteElementString ("BackgroundColor", ns, XmlConvert.ToString (back_color));
+
+			writer.WriteEndElement (); // InformationCardMetaData
+
+			// private data
+			writer.WriteStartElement ("InformationCardPrivateData", ns);
+			writer.WriteElementString ("MasterKey", ns, Convert.ToBase64String (master_key));
+			if (claim_values.Count > 0) {
+				writer.WriteStartElement ("ClaimValueList", ns);
+				foreach (ClaimValue cv in claim_values) {
+					writer.WriteStartElement ("ClaimValue", ns);
+					writer.WriteAttributeString ("Uri", cv.Uri);
+					writer.WriteElementString ("Value", ns, cv.Value);
+					writer.WriteEndElement ();
+				}
+				writer.WriteEndElement ();
+			}
+
+			writer.WriteEndElement (); // InformationCardPrivateData
+
+			writer.WriteEndElement ();
+			writer.WriteEndElement ();
+		}
+	}
+}
diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors/IdentityCardEncryption.cs b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors/IdentityCardEncryption.cs
new file mode 100644
index 00000000000..37f1639a876
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors/IdentityCardEncryption.cs
@@ -0,0 +1,228 @@
+//
+// IdentityCardEncryption.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2007 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+using System.Globalization;
+using System.IO;
+using System.IdentityModel.Selectors;
+using System.Security.Cryptography;
+using System.Security.Cryptography.Xml;
+using System.Text;
+using System.Xml;
+
+// http://msdn2.microsoft.com/en-us/library/bb298802.aspx#infocardprofile_topic9
+
+namespace Mono.ServiceModel.IdentitySelectors
+{
+	public class IdentityCardEncryption
+	{
+		static readonly byte [] encEntropy = new byte [] {
+			0xd9, 0x59, 0x7b, 0x26, 0x1e, 0xd8, 0xb3, 0x44,
+			0x93, 0x23, 0xb3, 0x96, 0x85, 0xde, 0x95, 0xfc };
+		static readonly byte [] intEntropy = new byte [] {
+			0xc4, 0x01, 0x7b, 0xf1, 0x6b, 0xad, 0x2f, 0x42,
+			0xaf, 0xf4, 0x97, 0x7d, 0x4, 0x68, 0x3, 0xdb };
+
+		public byte [] Encrypt (string plainText, string password)
+		{
+			byte [] salt = new byte [16];
+			RandomNumberGenerator.Create ().GetNonZeroBytes (salt);
+			return Encrypt (plainText, password, salt, null);
+		}
+
+		public byte [] Encrypt (string plainText, string password, byte [] salt, byte [] iv)
+		{
+			MemoryStream ms = new MemoryStream ();
+			StreamWriter sw = new StreamWriter (ms, new UTF8Encoding (true));
+			sw.Write (plainText);
+			sw.Close ();
+			byte [] plain = ms.ToArray ();
+
+			string ns = "http://schemas.xmlsoap.org/ws/2005/05/identity";
+			string encNS = EncryptedXml.XmlEncNamespaceUrl;
+
+			byte [] encKey = CreateEncryptionKey (password, salt);
+			byte [] intKey = CreateIntegrityKey (password, salt);
+
+			RijndaelManaged aes = CreateAES ();
+			if (iv == null)
+				aes.GenerateIV ();
+			else
+				aes.IV = iv;
+			aes.Key = encKey;
+			iv = aes.IV;
+
+			MemoryStream cms = new MemoryStream ();
+			CryptoStream cs = new CryptoStream (cms, aes.CreateEncryptor (), CryptoStreamMode.Write);
+			cs.Write (plain, 0, plain.Length);
+			cs.Close ();
+			byte [] results = cms.ToArray ();
+
+			byte [] clearTextBlock = CreateSubArray (plain, plain.Length - 16, 16);
+			byte [] integrity = SHA256.Create ().ComputeHash (JoinArray (JoinArray (iv, intKey), clearTextBlock));
+
+			ms = new MemoryStream ();
+			XmlWriter w = XmlWriter.Create (new StreamWriter (ms, new UTF8Encoding (false))); // no BOM here
+			w.WriteStartElement ("EncryptedStore", ns);
+			w.WriteStartElement ("StoreSalt", ns);
+			w.WriteString (Convert.ToBase64String (salt));
+			w.WriteEndElement ();
+			w.WriteStartElement ("EncryptedData", encNS);
+			w.WriteStartElement ("CipherData", encNS);
+			w.WriteStartElement ("CipherValue", encNS);
+			w.WriteString (Convert.ToBase64String (JoinArray (
+				JoinArray (iv, integrity), results)));
+			w.WriteEndElement ();
+			w.WriteEndElement ();
+			w.WriteEndElement ();
+			w.WriteEndElement ();
+			w.Close ();
+			return ms.ToArray ();
+		}
+
+		// content string -> salt and cipherValue
+		// cipherValue -> iv, intExpected, content
+		// iv+content -> bytesToDecrypt
+		// password+salt+encEntropy -> encKey
+		// password+salt+intEntropy -> intKey
+		// AES(iv,encKey)+bytesToDecrypt -> decrypted
+		// decrypted -> clearTextBlock
+		// iv,intKey,clearTextBlock -> intComputed
+
+		public string Decrypt (string crdsxml, string password)
+		{
+			XmlDocument doc = new XmlDocument ();
+			doc.LoadXml (crdsxml);
+
+			byte [] salt = Convert.FromBase64String (
+				doc.DocumentElement.FirstChild.FirstChild.Value);
+			if (salt.Length != 16)
+				throw new ArgumentException (String.Format ("Invalid salt length: expected 16 bytes but got {1} bytes", salt.Length));
+			byte [] cipherValue = Convert.FromBase64String (
+				doc.DocumentElement.LastChild.InnerText);
+
+			return Decrypt (password, salt, cipherValue);
+		}
+
+		public string Decrypt (string password, byte [] salt, byte [] cipherValue)
+		{
+			byte [] iv = CreateSubArray (cipherValue, 0, 16);
+			byte [] intExpected = CreateSubArray (cipherValue, 16, 32);
+			byte [] content = CreateSubArray (cipherValue, 48, cipherValue.Length - 48);
+			// LAMESPEC: the actual content is iv+content.
+			byte [] bytesToDecrypt = JoinArray (iv, content);
+
+			EncryptedData ed = new EncryptedData ();
+			ed.CipherData = new CipherData ();
+			ed.EncryptionMethod = new EncryptionMethod ();
+			ed.EncryptionMethod.KeyAlgorithm = EncryptedXml.XmlEncAES256Url ;
+			ed.EncryptionMethod.KeySize = 256;
+			ed.CipherData.CipherValue = bytesToDecrypt;
+
+			byte [] encKey = CreateEncryptionKey (password, salt);
+			if (encKey.Length != 32)
+				throw new Exception ("INTERNAL ERROR: Unexpected encryption key size: " + encKey.Length);
+			byte [] intKey = CreateIntegrityKey (password, salt);
+			if (intKey.Length != 32)
+				throw new Exception ("INTERNAL ERROR: Unexpected integrity key size: " + intKey.Length);
+			RijndaelManaged aes = CreateAES ();
+			aes.IV = iv;
+			aes.Key = encKey;
+
+			// We need some hook to retrieve TransformFinalBlock
+			// bytes for integrity check.
+			byte [] decrypted = new EncryptedXml ().DecryptData (ed, aes);
+			byte [] clearTextBlock = CreateSubArray (decrypted, decrypted.Length - 16, 16);
+
+			byte [] intComputed = SHA256.Create ().ComputeHash (JoinArray (JoinArray (iv, intKey), clearTextBlock));
+			if (!ArrayEquals (intExpected, intComputed))
+				throw new CardSpaceException (String.Format ("Integrity check failed: expected {0}, actually {1}",
+					Convert.ToBase64String (intExpected),
+					Convert.ToBase64String (intComputed)));
+
+			// since the restored bytes contain BOM, they had
+			// better be stripped by StreamReader (since I'm not
+			// sure if future versions of this data keep BOM).
+			MemoryStream ms = new MemoryStream (decrypted);
+			string s = new StreamReader (ms, Encoding.UTF8).ReadToEnd ();
+			return s;
+		}
+
+		RijndaelManaged CreateAES ()
+		{
+			RijndaelManaged aes = new RijndaelManaged ();
+			aes.BlockSize = 128;
+			aes.Padding = PaddingMode.PKCS7;
+			aes.Mode = CipherMode.CBC;
+			return aes;
+		}
+
+		byte [] CreateEncryptionKey (string password, byte [] salt)
+		{
+			return CreateComputedKey (password, salt, encEntropy);
+		}
+
+		byte [] CreateIntegrityKey (string password, byte [] salt)
+		{
+			return CreateComputedKey (password, salt, intEntropy);
+		}
+
+		byte [] CreateComputedKey (string password, byte [] salt, byte [] entropy)
+		{
+			byte [] pkcs5 = new PasswordDeriveBytes (
+				// LAMESPEC: the actual password string is decoded as utf-16LE
+				Encoding.Unicode.GetBytes (password), salt, "SHA256", 1000).GetBytes (32);
+
+			return SHA256.Create ().ComputeHash (JoinArray (entropy, pkcs5));
+		}
+
+		public static byte [] CreateSubArray (byte [] array, int index, int length)
+		{
+			byte [] ret = new byte [length];
+			Array.Copy (array, index, ret, 0, length);
+			return ret;
+		}
+
+		public static byte [] JoinArray (byte [] a1, byte [] a2)
+		{
+			byte [] ret = new byte [a1.Length + a2.Length];
+			Array.Copy (a1, 0, ret, 0, a1.Length);
+			Array.Copy (a2, 0, ret, a1.Length, a2.Length);
+			return ret;
+		}
+
+		public static bool ArrayEquals (byte [] b1, byte [] b2)
+		{
+			if (b1.Length != b2.Length)
+				return false;
+			for (int i = 0; i < b1.Length; i++)
+				if (b1 [i] != b2 [i])
+					return false;
+			return true;
+		}
+	}
+}
diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors/IdentityStore.cs b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors/IdentityStore.cs
new file mode 100644
index 00000000000..592641d19f7
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors/IdentityStore.cs
@@ -0,0 +1,50 @@
+using System;
+using System.IO;
+using System.ServiceModel;
+using Mono.ServiceModel.IdentitySelectors;
+
+namespace Mono.ServiceModel.IdentitySelectors
+{
+	public abstract class IdentityStore
+	{
+		public static IdentityStore GetDefaultStore ()
+		{
+			return new LocalFileIdentityStore ();
+		}
+
+		public abstract void StoreCard (IdentityCard card, string password);
+	}
+
+	public class LocalFileIdentityStore : IdentityStore
+	{
+		static string GetStoreFile ()
+		{
+			return Path.Combine (GetStorePath (), "identity.lst");
+		}
+
+		static string GetStorePath ()
+		{
+			// FIXME: support other alternatives
+			return Path.Combine (
+				Environment.GetFolderPath (Environment.SpecialFolder.ApplicationData),
+				"identities");
+		}
+
+		public LocalFileIdentityStore ()
+			: this (GetStoreFile ())
+		{
+		}
+
+		string store_file;
+
+		public LocalFileIdentityStore (string storeFile)
+		{
+			store_file = storeFile;
+		}
+
+		public override void StoreCard (IdentityCard card, string password)
+		{
+			// FIXME: store card both as public-only and encrypted state
+		}
+	}
+}
diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors_test.dll.sources b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors_test.dll.sources
new file mode 100644
index 00000000000..748daf46c8b
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/Mono.ServiceModel.IdentitySelectors_test.dll.sources
@@ -0,0 +1,2 @@
+Mono.IdentityModel.Selectors/IdentityCardEncryptionTest.cs
+Mono.IdentityModel.Selectors/IdentityCardTest.cs
diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/Test/Mono.IdentityModel.Selectors/ChangeLog b/mcs/class/Mono.ServiceModel.IdentitySelectors/Test/Mono.IdentityModel.Selectors/ChangeLog
new file mode 100644
index 00000000000..bb26af29015
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/Test/Mono.IdentityModel.Selectors/ChangeLog
@@ -0,0 +1,16 @@
+2007-04-27  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* IdentityCardTest.cs : some flexibility on xml declarations.
+
+2007-04-26  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* IdentityCardEncryptionTest.cs : added encryption test (roundtrip).
+
+2007-04-25  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* IdentityCardTest.cs : added test for Save().
+
+2007-04-18  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* IdentityCardTest.cs
+	  IdentityCardEncryptionTest.cs : initial commit.
diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/Test/Mono.IdentityModel.Selectors/IdentityCardEncryptionTest.cs b/mcs/class/Mono.ServiceModel.IdentitySelectors/Test/Mono.IdentityModel.Selectors/IdentityCardEncryptionTest.cs
new file mode 100644
index 00000000000..eca24ec001c
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/Test/Mono.IdentityModel.Selectors/IdentityCardEncryptionTest.cs
@@ -0,0 +1,67 @@
+//
+// IdentityCardEncryptionTest.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2007 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+using System.IO;
+using System.Text;
+using System.Xml;
+using Mono.ServiceModel.IdentitySelectors;
+using NUnit.Framework;
+
+namespace MonoTests.Mono.ServiceModel.IdentitySelectors
+{
+	[TestFixture]
+	public class IdentityCardEncryptionTest
+	{
+		[Test]
+		public void Import ()
+		{
+			string encxml = new StreamReader ("Test/resources/rupert.crds").ReadToEnd ();
+			string xml = new IdentityCardEncryption ().Decrypt (
+				encxml, "monkeydance");
+			XmlDocument doc = new XmlDocument ();
+			doc.LoadXml (xml);
+		}
+
+		[Test]
+		public void Export ()
+		{
+			byte [] salt = Convert.FromBase64String ("ofkHGOy0pioOd7++N2a52w==");
+			byte [] iv = Convert.FromBase64String ("OzFSoAlrfj11g246TM4How==");
+			XmlDocument doc = new XmlDocument ();
+			doc.Load ("Test/resources/rupert.xml");
+			doc.RemoveChild (doc.FirstChild);
+			byte [] result = new IdentityCardEncryption ().Encrypt (doc.OuterXml, "monkeydance", salt, iv);
+			string resultText = Encoding.UTF8.GetString (result);
+
+			string roundtrip = new IdentityCardEncryption ().Decrypt (resultText, "monkeydance");
+			doc = new XmlDocument ();
+			doc.LoadXml (roundtrip);
+		}
+	}
+}
+
diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/Test/Mono.IdentityModel.Selectors/IdentityCardTest.cs b/mcs/class/Mono.ServiceModel.IdentitySelectors/Test/Mono.IdentityModel.Selectors/IdentityCardTest.cs
new file mode 100644
index 00000000000..76fb08965a1
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/Test/Mono.IdentityModel.Selectors/IdentityCardTest.cs
@@ -0,0 +1,79 @@
+//
+// IdentityCardTest.cs
+//
+// Author:
+//	Atsushi Enomoto <atsushi@ximian.com>
+//
+// Copyright (C) 2007 Novell, Inc.  http://www.novell.com
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+using System;
+using System.IO;
+using System.Xml;
+using Mono.ServiceModel.IdentitySelectors;
+using NUnit.Framework;
+
+namespace MonoTests.Mono.ServiceModel.IdentitySelectors
+{
+	[TestFixture]
+	public class IdentityCardTest
+	{
+		[Test]
+		public void Load ()
+		{
+			IdentityCard ic = new IdentityCard ();
+			ic.Load (XmlReader.Create ("Test/resources/rupert.xml"));
+			Assert.AreEqual (DateTimeKind.Utc, ic.TimeIssued.Kind, "#1");
+			Assert.AreEqual (11, ic.TimeIssued.Hour, "#2");
+			Assert.AreEqual (23, ic.TimeExpires.Hour, "#3");
+			new IdentityCard ().Load (XmlReader.Create (
+				"Test/resources/managed.xml"));
+		}
+
+		[Test]
+		public void SaveRoundtrip ()
+		{
+			SaveRoundtrip ("Test/resources/rupert.xml");
+			SaveRoundtrip ("Test/resources/managed.xml");
+		}
+		
+		void SaveRoundtrip (string file)
+		{
+			IdentityCard ic = new IdentityCard ();
+			ic.Load (XmlReader.Create (file));
+			MemoryStream ms = new MemoryStream ();
+			XmlWriterSettings xws = new XmlWriterSettings ();
+			xws.OmitXmlDeclaration = true;
+			using (XmlWriter xw = XmlWriter.Create (ms, xws)) {
+				ic.Save (xw);
+			}
+			XmlDocument doc = new XmlDocument ();
+			doc.Load (file);
+			if (doc.FirstChild is XmlDeclaration)
+				doc.RemoveChild (doc.FirstChild);
+			string expected = doc.OuterXml;
+			doc.Load (new MemoryStream (ms.ToArray ()));
+			string actual = doc.OuterXml;
+			Assert.AreEqual (expected, actual, file);
+		}
+	}
+}
+
diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/Test/resources/ChangeLog b/mcs/class/Mono.ServiceModel.IdentitySelectors/Test/resources/ChangeLog
new file mode 100644
index 00000000000..0d492102eff
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/Test/resources/ChangeLog
@@ -0,0 +1,4 @@
+2007-04-18  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* managed.xml, rupert.xml, rupert.crds : initial commit (managed.xml
+	  is an extracted version of a backup card from pingidentity.com).
diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/Test/resources/managed.xml b/mcs/class/Mono.ServiceModel.IdentitySelectors/Test/resources/managed.xml
new file mode 100644
index 00000000000..c66be3675d2
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/Test/resources/managed.xml
@@ -0,0 +1,70 @@
+<RoamingStore xmlns="http://schemas.xmlsoap.org/ws/2005/05/identity">

+  <RoamingInformationCard>

+    <InformationCardMetaData xml:lang="en-us">

+      <InformationCardReference>

+        <CardId>https://infocard.pingidentity.com/idpdemo/sts/cards/ginga</CardId>

+        <CardVersion>1</CardVersion>

+      </InformationCardReference>

+      <CardName>ginga</CardName>

+      <CardImage MimeType="image/jpeg">/9j/4AAQSkZJRgABAQEASABIAAD/4QAWRXhpZgAATU0AKgAAAAgAAAAAAAD/2wBDAAUDBAQEAwUEBAQFBQUGBwwIBwcHBw8LCwkMEQ8SEhEPERETFhwXExQaFRERGCEYGh0dHx8fExciJCIeJBweHx7/2wBDAQUFBQcGBw4ICA4eFBEUHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh7/wAARCACOAOADASIAAhEBAxEB/8QAHAAAAQUBAQEAAAAAAAAAAAAAAAMEBQYHAgEI/8QATRAAAgEDAQUDCQQDCwsFAAAAAQIDAAQRBQYSEyExB0FRFBciYWZxkaTjMoGhsSNCoggVFjZSYrLB0eHwJCUzVXJzdYKSk7M1Q1PC4v/EABwBAAIDAQEBAQAAAAAAAAAAAAABAgMEBQYHCP/EADQRAAEDAgIIBQMEAwEBAAAAAAEAAgMEERIhBRUxQVFSodETYXHB8BSB4QYiI5EykvEkQv/aAAwDAQACEQMRAD8A+yqKKKEIooooQiiiihCKKKKEIooooQiiiihCKKKKEIooooQiiiihCKKKKEIooooQiiiihCb3tz5Mgcxs6k49Huqv6ncca8NxCXjIAG9nmPdU3qc4WMw8MneGCT0/vqCv2itrfeZEL8GSUK0oU4TGcAjBGDkkkYwOtfO/1PPPVzmlhku1v7iLWIIyyNvP2XRpMLBiIUZK8iSrIpIkB3l59D4mudP1EWl811MzvlWVnHNixHr/AMfhTidrd9Zew4MLoHZWMd9vScj1ZeH6PfyzUcbZpdDTVdxYHkZXSETB+HC3IN0BJ3iO78a8X9BXUkviwuBdGS47ci0Ak2IA3j12DK667JYpG4X7Dl/atm3dz5LspfMDhnQRj17xAP4E1XuyW+zFeaax5qRMg9R5N/8AX4047Wrnc0q0tQcGWYufco//AEKp+xN9+9+0tpKThJG4T+5uX54P3V+kKenx0TuJz/pfPaiowVreAy/tbLWTy6vxe0NNQDfoxdCNT/MHoZ+HP760Xai+/e7QLy7DYdYyEP8AOPIfiaxQEggg4I6GjRkOJr3HfknpWcscxo3Z9lv1FN9NuBd6dbXQ/wDeiV/iAaqnaNtfcbMSW0cUERFwhKu4LEkHmABjxHf31zYoHyyeG0ZrpzVDIY/Ecclc6KxGftV2jiYMtpbbp6caIgH4EfnV57PNvrbaeVrG4txaagib4UHKSAdSveCPD8Tzxrn0XUws8Rwy8lkg0rTTP8Npz81daKqvahtHfbL6BBf2EVtLLJdLCROrFd0o57iOfoiqPJ2v3n7zRLHpludTLMJGIYQqM+jhc5Jx3Z7vXUINHTzsD4xcE2Up9JU9O8skNiBdbFRWGQdq+1EFwDcwWUqZ5xtCVOPUQf7a1bYraay2o0ry21UxSI27PCxyY29/eD3H++nVaNnpm4njLiEUukoKp2Bhz4FTtGKr3aDrl3s7s3JqlnaRXLo6qwkJCqDy3jjrzwO7rWVP2pbXtmYR2ax+q3O78Sf66dLo2apZjZa3qlVaTgpX4H3v6LdqKy3YztV8u1GKw120hgMzBEuIchQx5DeUk4Hrz91aXqN5bafZzXt5KIYIULu7dwH+OlUVFHNTvDHjM7PNX09ZDUML2HIbfJL0VjOu9rmpzXTR6JZQQQb2FedS8jevAOB7ufvpnF2s7SRRSw3NtZSSFCEfhlWRu44zg+7FbW6Eqi29h/awu03SB1rn1styorPux7W9pdWsHGqwtPZJnhXrnDM2ea4/W9/d05903tztlp2ytuonBuLyUZit0OCR4sf1R6/76ySUcjZ/AGbvJbI62J0Hjuyb5qzUVi8favrNxIW8jghQf/HGXAHryas2zHaPb3syQ6isKhjjjREgL/tKeY9/4VdLoqpjFyFRFpamkdYFaFRXikMAykEHmCO+qhtVtrDplw9lYRLc3CHDsx9BD4cup+FY4oXzOwsC2zTMhbieVabzPDwqFyeWMZH31A6paR3KCK6a4EQ+1GJmRZPUyg4Ye+qjHt3r4biFLZ0B5gxHHxzTxtrdJstJtp72dTd3LyutpCwaTLTOeY/VXn9o/dmvNfqj9M1kwE0Ru42aAOBve5+BOi0nA92HYBnmpS8jdrhp/KrouQQA07FY89SATgH8qiv3vQ5SNZm3o1iADHeZFxheX6vLpU6yRtEty4Zbfc4jDv5dR8eQ94pK3KeTy3SFoi0LLut1BIwN09/P76+eR/pzSVXN/JcAOwuN7kbM7bxa2fsF6BtXFG3LgoHtWueJrsFsDyhgBPqLEn8gKhtf0l9MtdMuRkLd2yyE+D9SPgVrvauU6hthdhWGXuBAv3YQflV37TtPeTYqd7RAZbFRLGCP1VGG/Zyfur9CMk8AQx8dvz1K8A+LxzNJw2fPQKB2+1+O62X0oNKqm4XjTZOMFfRx/wBW98Kqe0kLaVsvpGqpEXN+ZDlsgKBjc+Iyaq2kQXu0OuWOmtNI7TSrGuT9hScsQO4Dma2Htp02P+AEfAjCx2E0ZQD9VMbmPd6Q+FaixlHLFBf/ACJv99nzyWYPfWxSz2/xAt9tvzzUn2T6k2p7EWkkhBkhZ4Xx6myP2SK7202w2f2cmjW+HlN8oLRwxKGdAe8k/ZBx7/Uaqn7ny93rDVNOJ/0cqTKM/wAoYP8ARFZza720m2sQv5mU396BK+eahmxgZ6cuQ+6srdHMkq5ceTW55eea1O0k+OjiwZudln5ZK86n2tW99DJaT7MRz2sgKuktzneH/RyNUvs/uTa7d6RLDlQ12kY59zndI+DVukGyOyWn2TBtE0/hRoS8k8YcgDqSzZNYNsq0Z260p4xuxnUoSox0HFGK2UMlPJFK2FhAtnc7dvmsdfHUxSxOneCb7hszHktX7fv4m2n/ABFP/HJUN2AafZTDUb+a2jkuYXRYpGGSgIJOPA+vrUz2/fxNtP8AiKf+OSmH7nv/ANO1b/ex/kaxRkjRLrcfcLbIAdLtvw9irB2x6ba3uxF3cyRIbi03ZIZMekvpAEZ8CCeXuqjfufp3Xaa/tg36OSzMjDPUq6gf0jWjdqX8QNW/3Q/pCs07Af45Xf8Aw9//ACR0UZLtGSg7vwisAbpOIjeO61rafWdH0XS2uNZkjEDHCxsN8yMOYAXvP5Vn192xW6sY7LQXki6AzThDj/ZCn86rPbZez3O3E1rIzcK0ijSJe4byhifi34CtI2H2J2ag2esbiXTra+nuIElklnUSZLKDyB5Ac6i2mpaWnZLOC4u2BTdU1VVUvigIaG7SsR2k1C21TWZ7+0sE0+OYhjAj7yq2BkjkOp549dav2p3lxc9lGl3IJPlRtnnOeoMZbn/zYrP+1OLToNt7230yGCGCIIhSFQqht0b2AOXX8a2OzsdP1PsusbTU5FjtG0uEySEgcPEaneyfAjNbq2VjG08tsgfvZYKGJ73VEV8yPte6pH7n60sZbjVLuREe8hEaxFhkop3ske8gf4NSH7oG0shpNhfbiLe+UGMMPtNHuknPjghfdn11mWktqtlrsg2Zubu5mQssctrE29Inju4zjpyIqan0Hb3am/Q6hZai7j0RJdoYkjHfjIAH3CrJKXDWCpdIAOByOxVxVWKiNM2Mk8RmNqu/7n6WVtB1GJiTElyCmT0JUZ/IVmG0OqJrO19xqOoPKbeW59IR4LLEDgBQeWQv419AbEbPQ7M7PxabE/EkyZJpAMb7nGT7uQA9Qr58S0ttO2tFjq8bm1gvOFcgEg7gbBIxz6c6q0fLHNUzyt+3Gyt0jFJDSwRO+/C/y61PTu1HY/TrOO0sdJ1O3gjGFRIIwB+3zPrqhdo2uaBrmpQahodnc2c5BFzxEVA55brDdY8+uT7q1OHs22KmhSaGyeSNwGVkunIYHoRzoPZtsUsqxNZuJHBKobp8sB1wM92RWWCsoIJPEYHX+bc1qno6+ePw3ltvmzJR+yu0lxbdjsuqzM0k9mjwqxPMneCp8N4fCq72aQWe0eu7s2XjgjM0sbfrcwAD95/Crrtjs9aWHZhqekaTAyQxx8ZU3ix9Fw55nn3Gs37E9VttN2uaG6kWNLyAwozHA38ggZ9eCPeRUoQ2SnnliFjc29Pl1CfFHUQRTG4sL+vyy3dYolhEKxosYGNwKN3HhisW1WKNdqLuBEVYxeugVRgAb5GBW2ViOozwzbY3yxyBmTUZAw7x+kNYtFXJf6LdpawDPVbJc2FvcW/k7grH4KcV2llbpbiAJlB40uK9rkrrrGtmtjtr5NtLDUdb0/hWsVxx5G48bBSMsOQYk+litikjSWJopFDI6lWUjkQeorJdE0mTRtr7SaMlkiueGx7wCSp/A1qt5OlraS3Mv2Ioy7e4DNdTSb3SSMNwcsrC3uVytFsbHG8WIzzub+wWd9m2wl7oW11/f30IFvAGSxffUmQMcb2Acg7oxzx9qrrtjpsmrbLalp0SB5ZoGES5Ay45qMn1gVRuz3UJo9rLh7ljjUSS+em/ksP6x99XbbSYw7LagwOC8RjH/N6P9dOsdMatpcc8rfPVFG2EUjgwWGd/noqF2S7LbT7P7SSz6lppgtJrdo2bjxthsgjkrE9xH31G7ddmerx6vPf6BEt1bSyGQRBwskRPMgZIyM9Mc/zqX7J9N3ddnu2XlDAQOXQsR/UDUXtFc6ltLrfD35GjeXct4d7CqM4HLx8TXRE031jnhw2C+WX9X91zTDD9G1hadptnn/dvZMbbZftI1pVsL+e/itDyc3d2dzHrXJLfCkdX7O9p9H16I6TbPfxIyyQXCFR6QwfSBPLB+6rIdg9d0xPLrO6i48Q3sQSMH+7kM1B3EV7r2uRPezNJNcSJHvHuBIAwO6r46p7nExubh3i3591RJSsa0CRjsW43/Hsr12p6Lre0Ox9ja2dkkl8tzHNNEkqhU/RuGwzEZALAUj2ObPaxs/ZajHq9n5M00iGMcRHyADn7JNOO1G0UbJ2dqm+UiuUVd5t44COOZPWkOyCDgWeoDGMyJ+RrleI76AtBFr8M9vG/sut4bNYNcQb245bOFvdWHb6wu9U2Q1GwsYuNczRgRpvBcneB6kgCqN2QbI7Q6BtLcXmraf5NA9m0atxo2yxdCBhWJ6A1edu04myWoJ4xj+kKpHZJbcHaO4bBGbRh+2lKle8UUjQRb0z3b7+ydUxhrY3EG/rlv3W9087VNgbrXrldW0gxm8CBJYXbdEoHQgnlnu58unhzpen7PdpkEQ020TVLaDpuC7CRr44O9jHuq49puqXs2oHSYJZIreNAZQhxxGIzz9WCOVRmn9n2q3NlHeJNbQl1DojMQ2Oo6DlW6lqHxUzRK4W3XF/cLBVU7Jalxia6++xt7FQuu9l20Flp9vc227qFw+fKYojzjPdjON711fNG0DWtS7LG2e1ZFsbrc4cJLbx3VYMm9jp0xjny+FUzXjrMgj0vVZ5pPIyVVXOcE95Pfy6Hwq+aVYXmmdm5TTGlN3LDxgQckbxBO6O70fDv9dQq5pjGzG4E4rg2/Oz7KdHDCJX4GkDDYi/42/dZnF2fbe6dcObC2dWxu8W3vUTeH3sD8a51LSO0jR7R7+7l1aKGIbzul/v7o8SFcnFObXSpdSumWa8ijkIyZLqUgH7z31K2mwt1dPuQalpUh/mXG8fgBW51UWn+Vzf9T3WBtKHD+Jrv9h2Uh2P7aalquoPomrzeUvwjJBMw9PljKt48ueevKpHtJ7PF2guDqmlyRQagQBIr8kmx0OR0bHLPfyqY2K2Rt9nmkuXl493Iu4WAwqL1wPh1qA2/2ivp72TS9NmkhgiO5K8Zw0jd4z3AdPXXJEmOsx0n7Rv4eeS65jwUWCr/AHHdx8s1SrbZ3tK0hTa2UWpwR5+zBcgp7xhsVNbGbH7cHai01vU52tzA4LyXU/Fd06FQASeYJHMjrS9j2eavdwCeZ4Lcvz3ZWO99+AakNnNktf0jaK2C3DRWxbelkgkyjKOqkHx6cx+Vbpq1rmODXtvbPL8n3WGCic17S5jrXFs/wPZaWyqyMrKGVuRBHIisY2z7LNRhvZLrZ1UubVyWFuXCvH6hnkR4c8+/rWxXU0dtbS3EpxHGpdj6gM1kGu3ur7T6kIsymN2xDbIfRA7sjvPiT+VczRTpmPLmOsN99i6elmwvYGyNud1tqjbHQO0+VBYI+qQQfZPEvN1FH/V09QpK27OtsrTV0dNODpFOP0yXMYDKG+0AWzgjngjNWWHs51lI1nS5tYpl5qokYMD7wOtQsOkXsmtE3IYzLcfpnc5y+96XPvOc12G1hdi8Nzbb/wBv5XGdRhuHxGOvu/d+FuIFFeUV5JevVQ1q0KarM6jG8wcH3/31J7TP5RpCwAkeUAE48Ov54pzqluJJVfH6uKbyQNLuKR9ld0VrD74SdyxmPDiA3qoHSLmykguYxk5DowHQg/3VZdr5hd6DbhByncMR6gM4+OKlb+1VrWNVH+j5D3UxmtuLCkTjIQnd9Was+o8RzXO3KsU/htc1u9N9g7MW1jcS4wZZAPuA/vNV+70yfSNYEkaf6OTfiYjkwzyq96dALezSNff8TXV35OVCXCB1PcVyKg2qcJHHbdWOpWmNo2EKIh2mhKDi2k6v3hcEfmKqul2f+fLWUJgeUowHh6Qq5y2elAFhBk+ALc6aafY/5bG+7gK297sVZHKxgdhFrquSJ73NxG9l7t3Fx9IiTGcXAP7LUhsDBwLe6GMZZfyNS+uQ8a0VcZxID+Bpto+7ab6MpAcg5HdVQk/gwKx0f/oD0vtMnE0K6THVB+Yqt7CW3A1eV8YzbkftLVl1SVJrVoY8sXxk46CkNCtODNJLjHo7v+PhRHJghc0705I8czXDcoLbTSHbUDfqhaOVQGOOjAY/ICnuk7QcCzjt7q2kYxqFDx4OQOnI1Y5mRIiZBlehGM5phJaaS/pGFQf5oIpicPYGPF7JGAseXsNrqnbQhNS1SS7jiZVYAYYc+QxVtN02n7MW0iKDItvGiA+O6KZT2MbzngRbqHkoqU1O04mnJCozw8HHuGKnLI1wY07AoRROaXu3lUuw0S51e8ldnAJO9JIw7zXuq7PT6W8ciyB1J9F0yCCPyq16Nu2hkRxhXwc46V3rJW6iSJBvANvE4/x41P6uTxLD/FV/SR+Hf/6XuzN7Nd6aPKDvTRncZsfa8DVHt4Wh1JLt4hIyS8Qqe85zV70O34ED9Ms3SmF3p/BvC6orKW3lBGQfVUIpWse4DerJYnPYwnckP4UXP+r0/wC4f7KP4UXP+r0/7h/sqYjXTmQFrWFT3gxD+ymOoW0VxIot7dI1XvCAZqLTETYsUnCUC4eudRu5NR2TuZeFw2b0SoOf1h/VUVsLZLFqkszLzWIheXTJFWi2skTTfJXAO8Dve800tIWtJ95UAxyIHhSbKAxzG703REva925S+ap13bZ1aZsdZ2P7VWzjx4zk+7FRU0GZzKVIDOWGR66rgdgJVk7MYCm80ZpJnO5vKOdAk9HOOdZ1oSkkQcDJrlYFDA56UrRTulZcsgYEE9aT8nXx/ClqKLp2XIXAxmuXhV+tKUUkJDyWOu44lQeiMUpRTuUrBJyRLIuGPLOa58mj3cY++lqKLlFgkPJY/XSqxhRheQrqigklAAC4eIOu63SkvJY/E04ooBIQQCkkt0Q5A5+Nd7vrrqildO1kg1tGTnp7qPJY/XS9FPEUsISUcCxnIPOumjVhhuYruii6LJDyaPurtIVU5HWlKKLlFgvN311y8St16+Nd0Uk0j5Ovia64S7u71HupSig5osuOGPGjhjGM13RSsEXRRWS+eb2b+e+nR55vZv576ddTU9ZydR3XM1zRc/Q9lrVFZL55vZv576dHnm9m/nvp0anrOTqO6Nc0XP0PZa1RWS+eb2b+e+nR55vZv576dGp6zk6jujXNFz9D2WtUVkvnm9m/nvp0eeb2b+e+nRqes5Oo7o1zRc/Q9lrVFZL55vZv576dHnm9m/nvp0anrOTqO6Nc0XP0PZa1RWS+eb2b+e+nR55vZv576dGp6zk6jujXNFz9D2WtUVkvnm9m/nvp0eeb2b+e+nRqes5Oo7o1zRc/Q9lrVFZL55vZv576dHnm9m/nvp0anrOTqO6Nc0XP0PZa1RWS+eb2b+e+nR55vZv576dGp6zk6jujXNFz9D2WtUVkvnm9m/nvp0eeb2b+e+nRqes5Oo7o1zRc/Q9lrVFZL55vZv576dHnm9m/nvp0anrOTqO6Nc0XP0PZa1RWS+eb2b+e+nR55vZv576dGp6zk6jujXNFz9D2WtUVkvnm9m/nvp0eeb2b+e+nRqes5Oo7o1zRc/Q9lrVFZL55vZv576dHnm9m/nvp0anrOTqO6Nc0XP0PZZJRRRXuF4VFLNbTrZJeFMQPI0Stkc2UKSMdejL8aRqTuGP8F7FN7l5bcnH/ACQVFxIIA3qbWggk7u6jKKsmo2lrYGPUJbRDGbO3W3jKkJLM0CMznuIUsCR3llB5E0z1Kxhj1m/aO3aSwi/TII5RHuxvgx82BOcMvLGevgarbOHfPnFWOgLfnzgk4LfT7bTobnUIrmWS5ZuEkUgQKinG/kqd7LbwA5fZPjUYevKpXaA2qPa28MNwoitYyu/OHwHHE7kHe5qTbUY2vX0OOWL95raKZVU+gszrGf0pPUuWUFc9OSjlURI4DFa98/t3UixpOG9rWH37KrUVOai9tbQ215HaoZriCLhcRAUVUQI77vMMS6sOf8knGSMLcJ4tM0/WJ4kaKC2IhDKN15jPKQpHeAAzEdOQB6jMvGyBtty+6iIcyL7M/sq7RVyt7W3m2yt9Q1GPixzNZyOjFcTTzpG7ZH8nLOxwMcgvLIqA0E8G6uL54eJ5HA0oGSpVyQiNy/ku6nHqpNnDhcDcOu5DoC0gE7z03qOkR423ZEZDjOGGKVvbZ7SZYnZWLRRy5Hg6Bx+DCp28mntdnjBdzyzX8d9FOY524ixZWUlSrZG8TgsD1yARkGkto9VuXuVi4djuvZ24JFlCGGYEzghcjryx07sUmyuc6wHH28k3RNa25OeXv5qL1EWKmGOyaSTdiHGkbkHc8zujuUdBnmcZ5ZwGlT+u23lO19xDNPL5NHdJazXTAtuhcJvE+OFJ5nng13casdUt7+GYRRWNvbf5DbZ3RCRIoG7j7TYZsk8zzJ6ChspwtsL8fuh0QxOubcPsq7RVk1G0tbAx6hLaIYzZ2628ZUhJZmgRmc9xClgSO8soPImo/WtPKapfmzjXySIiZCGwFifBjHpc84YcuvXwNSZM11vnzaovhc2/z5sUais7hEUszHAAGSTTybSr6JHYxxvwwTIscyOyAdSyqSVx35HKldA3o2vbqJA09tatJFkZ3WLKpYetVZmB7iAe6munTXcNziy3uNMjQbqrvFg6lSoHrBIqRc4k4dyQa0AYt6QRGdwiKzMegAyTXhBBweRqbsYLmDTZYLRN+6vZzbrLFL0RFDSqe7B30OemFPd1fXckV5q+lwo8t/JJYSWweQ77SysZkQgnHLJXGeYGPCoGex2ZfP8Aim2C425/P+qq070q2S6unikLBVt5pBunnlImcfdlRUjp8sA1VIbS3t3gtQ8+ZowxnaJC53ieYViv2RgYIByeZeaPPPZWd75VxJbvU7WZ1ST9VOG5Mxz+s3MD1Fj3jKklIBsM044gXC5yVXooorQsyKKKKEIooooQiuzLIYVhLkxqxZV7gSACf2R8K4ooQnN9fXd7wfKp3lEESwxA9ERRgACvJr27mtktpbiR4UwVQnlkDAPrIHIeA5U3oqOFo3KRc471I7Q87+IggjyO16f7hKRuL6WVHRUigWQkyCFN3fyQefqyAd3oMcgKakk9TXlJrAAAdybnkkkb04urqW5ito5MEW0XCTr9neZuf3saJ7y6ntbe1lndoLYMIYyfRTeJJwPEk9fd4Cm9FSwjgliPFO77Uby9S3S5lDi3jEcWEVSAAAMkDmcBRk5OAB3U6XaDVku/K47hIpt1lLRwRpnewSSAoBbIB3jzyAc8hUVRUTEwi1gmJXg3uUqJ5RBJBvnhyOruPFlBAP7TfGl11K6FoLU8BowpQFreNnAPcHK7w+PKmdFSLWnaEg5w2FSWoa3qWoXEc15MkpjfiBOEioWzzYqoAJOOZIye+mtxdySxiEKkUIweHGMAkZ5nvY8zzJOM46U3opCNrcgEzI52ZKc319d3vB8qneUQRLDED0RFGAAK8mvbua2S2luJHhTBVCeWQMA+sgch4DlTeijC0bki5x3peyuriyuVuLWUxyqCAw58iMEEHkQQSCD1BpcareqjLG0EO8rKWht442weo3lUHBBI69OXSmNFBY0m5CA9wFgU7h1G9i06XTo52W1mYM6ADmeXf17hkd+BnoKLTULq2u7K5R8vZEGEHkAAxbHLBxkn400oowNzy2oxuyz2JazuZrS4W4gYLIuQN5QwIIwQQcgggkEHkc0pLqF7LfPfPdSm5cEGTe54I3ceoY5Y8OVNaKZa0m9kBzgLXRRRRTUUUUUUIX//2Q==</CardImage>

+      <Issuer>https://infocard.pingidentity.com/idpdemo/sts</Issuer>

+      <TimeIssued>2007-04-04T17:58:36.742Z</TimeIssued>

+      <TimeExpires>9999-12-31T23:59:59.9999999Z</TimeExpires>

+      <TokenServiceList>

+        <TokenService>

+          <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">

+            <Address>https://infocard.pingidentity.com/idpdemo/sts</Address>

+            <Metadata>

+              <Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

+                <wsx:MetadataSection xmlns="">

+                  <wsx:MetadataReference>

+                    <Address xmlns="http://www.w3.org/2005/08/addressing">https://infocard.pingidentity.com/idpdemo/mex</Address>

+                  </wsx:MetadataReference>

+                </wsx:MetadataSection>

+              </Metadata>

+            </Metadata>

+            <Identity xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">

+              <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">

+                <X509Data>

+                  <X509Certificate>MIIDAjCCAmugAwIBAgIDBGV9MA0GCSqGSIb3DQEBBAUAMFoxCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNFcXVpZmF4IFNlY3VyZSBJbmMuMS0wKwYDVQQDEyRFcXVpZmF4IFNlY3VyZSBHbG9iYWwgZUJ1c2luZXNzIENBLTEwHhcNMDYwODAzMTg0MzE2WhcNMDcwOTAzMTg0MzE2WjByMQswCQYDVQQGEwJVUzERMA8GA1UECBMIQ29sb3JhZG8xDzANBgNVBAcTBkRlbnZlcjEiMCAGA1UEChMZUGluZyBJZGVudGl0eSBDb3Jwb3JhdGlvbjEbMBkGA1UEAxQSKi5waW5naWRlbnRpdHkuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAxS/b0dzAEJx86MCKHnXoEy7/6I82hs89Gmv/x4Cg1gd7zkvgcMImn+BIWzNuMMGtzr5TWoPDBcLzg/Lgl3UolNG9S9L+Ii+s/RXzmtZGNUSLEqfkMb6WbtcPLmdDB91R29xDEYU8hda+2wHB27SNqtfMfiXzrgFuShQgkBh8OwIDAQABo4G9MIG6MA4GA1UdDwEB/wQEAwIE8DAdBgNVHQ4EFgQUXhZ/Mr/zlH8uSZ4EbOVZpW7v0VEwOwYDVR0fBDQwMjAwoC6gLIYqaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9nbG9iYWxjYTEuY3JsMB8GA1UdIwQYMBaAFL6ooHRyUGtEt8kj2Puo/7NXa2hsMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBAUAA4GBACVd368B+WIr9mXaH91WLQKqhc16R481PYLtzr8oJi7S/x6p0MlIziWfpvjCN8IgSvEwTsJlEAlCPHQpZU2l3b6Md7ItXB656UcUKQVOjC2Y7piY806VWxiVros3FGZpPlcILMDyJYUJDAMkUhR6zPtSyZDQFkODvILLeulxD6bY</X509Certificate>

+                </X509Data>

+              </KeyInfo>

+            </Identity>

+          </EndpointReference>

+          <UserCredential>

+            <DisplayCredentialHint>Enter your username and password</DisplayCredentialHint>

+            <UsernamePasswordCredential>

+              <Username>ginga</Username>

+            </UsernamePasswordCredential>

+          </UserCredential>

+        </TokenService>

+      </TokenServiceList>

+      <SupportedTokenTypeList>

+        <TokenType xmlns="http://schemas.xmlsoap.org/ws/2005/02/trust">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</TokenType>

+      </SupportedTokenTypeList>

+      <SupportedClaimTypeList>

+        <SupportedClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">

+          <DisplayTag>Given Name</DisplayTag>

+          <Description>Given Name</Description>

+        </SupportedClaimType>

+        <SupportedClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">

+          <DisplayTag>Last Name</DisplayTag>

+          <Description>Last Name</Description>

+        </SupportedClaimType>

+        <SupportedClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">

+          <DisplayTag>Email Address</DisplayTag>

+          <Description>Email Address</Description>

+        </SupportedClaimType>

+      </SupportedClaimTypeList>

+      <IsSelfIssued>false</IsSelfIssued>

+      <HashSalt>LCDZ1KpaQBQRZLKRcaaP9g==</HashSalt>

+      <TimeLastUpdated>2007-04-04T18:02:31.578125Z</TimeLastUpdated>

+      <IssuerId>mZqA68JI5rctQW9eyKi0q/mXiOS0wsSFtOOG+05XMyQ=</IssuerId>

+      <IssuerName>*.pingidentity.com</IssuerName>

+      <BackgroundColor>0</BackgroundColor>

+    </InformationCardMetaData>

+    <InformationCardPrivateData>

+      <MasterKey>01234567890123456789IOverwroteThisAreaHeheh=</MasterKey>

+    </InformationCardPrivateData>

+  </RoamingInformationCard>

+</RoamingStore>

diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/Test/resources/rupert.crds b/mcs/class/Mono.ServiceModel.IdentitySelectors/Test/resources/rupert.crds
new file mode 100644
index 00000000000..c3387cd1bf0
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/Test/resources/rupert.crds
@@ -0,0 +1 @@
+<?xml version="1.0" encoding="utf-8"?><EncryptedStore xmlns="http://schemas.xmlsoap.org/ws/2005/05/identity"><StoreSalt>ofkHGOy0pioOd7++N2a52w==</StoreSalt><EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"><CipherData><CipherValue>OzFSoAlrfj11g246TM4Ho7ift/Ywy0HOPDDsoQKouOWvtkyPie30gEZ788f6HmzHLh/aMJJei/i74hgzpiu6tYvHeZNtE5a8bdys0SNZQt9rzaM3ooRjx7HsaM2umaSxcNig20dH26CzmfUv+WsdkWf7T/7Do/Eaa/3/sHlWs4sHerMxzE5buPaUoTc7Qvds1f2U0A8nd7ypJndex3wuRttOcu5u24cSAoHA1Ufskjk8lgLldNzqc7VHmlBKjEnNg4KNi9INmLmqbndJlCl1mz45FfPnaDKISsr8FYhQ0tgFXnG00gGsQngn+3EFI9qEUcvwNPfqT2dyDCwJB/aPBZ1ID8K7k6PDjIuoS6O1v4UinM1FkL9YdOFHf5UgGiB4Z0Lmj778AcpZx8oI16ZOp14Tv1e9QKL8sZHJfGjPclPQE87bZMYAjtcYlvYOXo+3f/uGnDTj+RspJDSoFgbI6PpKiewEKl4XjpGV8g1MymNXSadZI0GJqzA66XkkTmqpXd9n7vrnkc6/uKysoLSxWIm/iK1R7dtRi32PsU1NnAT+lOvGrknoGTJ/JIBy9fe2yCQrqQpLDv8q+jZjjD6I3ibb9cEhX3324BF5vWdcrbVQh99KCMGF9GuLG1b5M03a987lJnyAfw6w8qKC6s47t7tTUsz4WJichFk550DwBZAtSBD24rtU7I3e6JMapv4Eqvai0+4Wx86VvG5K7WtWKihGEPJI9Up8kkOiBLxNhpugeySasaVgRP5hwe+GZjGHgloLRUuFcRb2orOmzM3ItbpkrthJHYZy2sUisSaBXqBEcZABSpwMmC9JTj4TklscBas4fsRAutkIJzSyP72m3gq+7+8CQDcXqM/4om1PlFtvs7NKHdMvnyCoNDV3IWUJAAzCopz2X+r7zOa9qLLkgqr5r4UT9bL8DcgzdqNyLO9BHvSxMLtMyMvYGLI7rYstYBtLa2NuUf31vZiMINVnU2tcpk8fJuuXAFSHDFgghQX8BOVZoTfu5f2kEdP9/0XsjC8RmNJpZFZtOEJwk2QS/oMIUc0gzd9yo/HRacdkzqpAyut+RNZK5x6NybNvOZjD544gW87Rm04xaZN8oBYyi4ARRdK7vfiRohEENUCRF8cZBTbMFrSi1Xl4992+fvVAPJkJEN73FOBUpCtAUPYdZR8P0Dg1SLfbnWGSYPMqXRIw6H532beYY2v4N9uV7zYkJpe3oqI7IwgKTFre6WFbwMvJfDMJTRt+sc0Er9stgEUCjEVza7X8Wj0QBNbZRdl82NIQwGKJiJMjkf+LGBwk396PZY9Utr1hGqOi9/fDzKJ69NkHj1DQARharCZPVtKhQxyrkvhcJF0/ejFyWrb/Na8HdCtVe6VZSi5EsJffKYDKSV9y+ZKkDZrcfsLbZdjcRaR7vSUSeb+OkTo543adru4W1/2k876N2M1ASf9S2UUm0J//09UpBqvh4qDJQrjfCIwkNSU3nko4SBUhY622YH4ShR6togJeKwgtkKIBRjvns2kYSiBkGUb8ANn/nH/Jje11ikPJ38CbWh+ABjatAHsPc3drLN2Z3xJ/CquvdIgZayrWCVf7Q9PEZsR8MoVpj8zit3ebgMBODS7P+QOLb48YUUZupSd9DWDWURwC22eCOMjcAixClO4CaeNatTBkPKAyZW9TLxXkCCpRpmqDe0KWKZVb9w+1PDQwrvjAyZBbiSYSm0gHO6GgH7WYDlqcp5BoRqnAVfGA7f3l8pBydHXdqUGcXR1Ynluhc5XiOOvV3xpeu04yYb8gSVxdO7JdTNsNBB249S9qJJN7PmYsvAeRVWFRjDw7ZDizMpNJRxVrU4G2R67VgS/xEW7VajD6HCJb/pn5kAZoNW2GQt/1NxB7+SoaiSAK48wieNyVyX4Uoa66Zq7MpUKjjLSJmq9/PORqu/PuSr2n+CYTFdK96xEsffrGCTFP53WdDA3q3WZjczAfrtYbnPp+UrJr1+wxU8JnAllSI3d0NZ/R9p14pZBTONtk68KYRNI0DQj2jOupG0sQx8MHy/Dt/wATa8Un7+KBN37276ecTymK/47IJxtcFhPvVEKElTIPKw4aaGg2awuiJ5XaBzhtP5xbnvCJKgGQlRfttB/9YNTwoySNDr+DGqO5kptgKbkPprNkx5f/NL7N4+xEai+BvSUcRj8BUFJOaaXOPDANB5jnydBrd3wXmWxB00zBbeR9Mt/3Zu/3gnN7ArirAkrKWwQScsbOREWXewItqwwbanD5VhB6WjYy54ENdd6Uy0aM2qoOaHEwX4WDbfsfkkhpgTLOnodRL4zFwL1jHklVvrwSoulsmkrEnBhiG2nvAPJWiLD0YJ03j5p9TPQs45vDdJT9sVynfIDHVb5gEn9ENvYmFWAZEUVWwDxNzMsa8v0Xq+c9Y7+GA7XKGvDuNEIm9wHix0mtCOd5AWQQOKzHd/cUTy+Bl5RetxaJnYX7J1s2HVBcjnKnH0r8bCS0I+fDDzsFHOPz4L0qUaR6KA9yAiGYZAuAibDh5as603l2D1HzpOxHRmas/1eB1myDYqoj+QV5SZ+X/VVwdosLU7IckJ/nkznSwKhp2Q63H2ABOVPVXHEgpoB8Il2bkRccSqBwUSmwhZwnSaKDEalZ69FIBlomjHiE77K2cPngMawqYEUTJt9e4OevvthZJqpA5x/OiqPVDCn8Dx1Oz48C6mvzqbpsESq0pDd6Redl1QrYbjvogo1YXp38bNKDyLS0tqroB2PKDKjXocUHPQHFsyQEK4h7QgRBFBHkZkdRviNn+QPN0VEM/A8OTYXpvpBnA2nZ/gTzaTYHQN7j2rXqwMOkjNby5kTN1iJ+4wsw0dAn0aNGOXxCtXP5768EgifhLhtZKg2L2/IXz+nFjMDPDYMHRkV5jSa6TC/tvDz6rlcchl+gLpzmxQlhrFlqHnSLVw/1oUhbMHMAlz9DL0aCIxD8r5pv/b1MFJJhFOyuSORClJ49vn08yCsWk0s/VrQuxpGypHR1eR5DpROgVSJWhcHN/X4tqeM8w52AGoWG0iYjcOlhb3vmavGPKkdiLPYrCvNwum/CKLUoFD0rk9IL/cZGj1ZerPMbpk86TcSii0FaNoO+YD4jtV+7azz0lB5uq+1vBX6jL+pNFdwCbElX5732PDMnGKf2XT61WKe4K10ummEoMvOx17Q9812IDT93jryAYVJ0fQnwTrQn1yczb3X9aJEDK40F3PwtrpI+Ro3L4nnKHEvZQyZDg5MaYVWmm29vt45eBtUoCe71YhVm/b2ME4Yg6IZOMczSFu+KUcmFeunJQOMLUfigkVzD+q01BSwwuhjhjj5L9mOxUNOsxa4OYlaIsOswzKLlOzjDFVZgnQenodqi5GAA1rsSQ1HJ5NWkCZc2AP52gYbO32Hjk1yEX17fzlTi4PlBaMLXNVjnHvxkcJkQq9CnXii/tnvSXDh0iu0Jl8fjD1hkLFVFW/aoeFRUf8g8j5b8CIf9SpDaenNFNZtcRRKEBBeENTju6RRLtKplx+Uh1O//fEsLeELThSji55jd7AlNsTUV5/0UpmpmqbnKZ8TLE9huevuY47GVV5oTpP736PKDcA2hsR+UMUNut3pGYG/23Zpxf7GiXAhKgiVfED62N/LTDWGRyswjV7nBk4fdDedVWdrHd9IAgGFiekKFRqfQH9/qlkWbpH7cts/tOhGGKd+4YDiOoTBEcICWU7DaNpVSb+KJnRkoEwMK7TFHXagj4qY5ufzZ1Jvv57BADnuriGNZJs8nuvGLN21Gomsqg3+vOJJEUCJkmtOKNg+uI0oMZ5PTku+r9ImSbqDrwbF3fdEerTe6RUB2ZQ8ePE4FLW0UeocCPaGDoTLGsKoasfT3suLBYLpdE21zGS6fJu/kTwODV5usvZ4r7WTiuv6VDnZZkM68IBwrrbV5iNVQhIhE1PubsZ4R2Tr2LL9I/oXnsy42c+xcG/LR5cR8oZP/33+dDVProUdlfekVdNmXYR5Mhz7jkB3ca/D8WWAO01cgwU3Us2AICp7hNRt8FMVeBgIYZAuC30uqL5Y7pg3o67Hgey0a6Xp+O/O+TdFFr90Uaqsa7Q0/9DwosbdiR6wrlOtfrvNtev5atzyewvRuUA/TZBYzYrqqjvuKtWcS4BmT/omZXzIPUoQwlwxJV0fbAPTEq4YZJw11egWOLaBTDWQQ2R5tewcTqe1ePUpoXk3sWkiqA8RaOmgdw6IYeFqv5Ct9eoz/tvc3ykzw4jeNLSNIaFl64BisgqpfchU3488T6Hzz1qg9tnGfdJ9NslW7k6ldp9PH/l8zhhsj7vjbEL1cko8AZQaO4hQj/iwxDKJZ9DqV9EIJKmIrynBTHzfPRJ4da6kaK6k3AU66gkiiLqUZwuP+8gdspW/wHDO4bByyXlD7Naw14+Q4QGJsHsjEi1KwkDFj0GVjkFb0P/79rHA3bP1Eq2BMB3Zg+gizaMZw3a1GwMnjFcjyVtaDcMkM9wfkbHYUS6Xvt62HaZfr7WJQS7iHs5VvEl7Na+z9+YSpkwPzUfUHwH3HQUix/jCvvV05Ks7sbxRy4LJb+tk1nP8qOJo/bBW6hElf2dgQIbgoCSQxAJsfqsWYQtlloVFDpaA5y0iRYjlxoCskkFuuJJmyQoNxGxXHbPVk7SDPk8F5Fe3siclMDJF5x9JaUhxjxuU6LaPk3Io3yyClVa7Y739kad1gpNUji1YJ6z15FEnphiQX25DsG7o492Onkc0QhtM3BCbjHXdSPqKUViQQ+PtedUSakwUyrV7P7tO//62xIFNU3RLS6APZznZAqQGLRydLtsfUfu75gyH1SK8/ZVntXHGQoeXF4fOz6+TFhDSvOf7rX5jS/XaYweDDNFxdi7bD6iNDzKXz+I8rnqopkQ0JFfosQQ7aGxoTln1vGB5k5lanYhD6I883rSSTV8OpukYdag3F/rdE1+72vUPaoZbLUVlp+fPGqUPC7Bw2MEmd27H3r/DaR7w51MmKStQjrvpVA8DQqEO3we55ukgNkg38S6vHpdAqyFZZz6nvPk0ZZZy+O+hsyo6xgY6s4kfagw9/T9GGe8REndYSz0JTl6btVDAIZ2t71UWKRElKiZy5cN7P3hFE14NfWptRpqOhxqqIsMvBFR38YBWir6sTwRakJBJDoR30X5cXL1MKu1vXTDb3Azf6AwMB9agw1b/L433jd21+rNboqpv8Ml271AwYC+qSn/6wpVbQrzIxdjfUMjjAaps3D6dzCV7PsUNxthwtb++9Rfcg51exBgIed9bAuDdclKbeWMh0k9+E90LY3cYmWy5xKco5Tv+uqlHSmdcyz9hcah1VqgKd/ObB55Z6lqNxspeRpceHiGkmpDFDiwUkQqsc61T8+ATHy6CN1Nrl3/PLemWxbOpJTyYHlX4zMtptixuVjxdbwnj9a9EnwhOfXjJ0aWr1vp2maZYw6Yyr936coUYCmNGZghhtSapHkwsvmk7dYigbyb4C0SFUt72vmdea/KTF4ZDqXDg32LzUNCrfJD84xTlXsDslzwq7ZVECMVBUUmwM9A9j/F/5gQ7myINYviTb5G7JEpNclL71xB6NcMRKZMvnYX8VfCHDpHpPVWbbAVSdhdZVWEcSu4aNfflRGNscqr9UwLb+u2QqdKKzufxIC2ixqXuTumuuCIWQ6SXfN9x5m0HPa9Du9v0JhvIkfzHQlTNsC/RcElftnhwKK3JB0bik170Op3IflqZ07ib9EC/gVSorSTnwG07rQ0sp6P936mRXaemSok2CJVUKUNRy5pg9hkihb+A+g9bhUkz0l97LKWd77S7gPc4ipT7z9ZSr0KIg3eixlygZw+ys27UPUvi4sOC59eNW+rmB5CFA6d4ulEp31VWBKQO0JS4t0EfoKcd4vEjkHmcrgdDJ/U7P9C6Pli7gpCAjzJ91sEo8MDqjwkU5pbIL9KO2nm4PnxQfL1aUMDJrMjurggJys150NnfG0cucpUzqoedWR+v4MCTVYaXVIHaO7L4iD1IQ2PDn/H4Du2ZPUpMeSBw0V0viv28mVVVwTC6V6XtwfzBhXgzWyizjY7rsT00X5jLzjqQ6BI9KIRdta7uJzQhpgwz5aN4X3D9dacr6vU2p66ardfEJgSZYjQmazRq+WHtE7D2A252nLc8LDyCK4tYOi9T3C6NMYgkXuIvg2/JIxisE8DAUZlKhfxX6Y9Tj1Bd4VT6X6e/WzxHitBClHuIYQgCNK+0M1g75sJWw/4HJ186KDbiTuvUBZKpjXLfovhICfmVkp0Gm3rCBZoY+zeBu/unofuXBFX0HYE4wjggcFfeAzK0GgidJjSPpLeWMqn/qzSd8B8InpDlKqVYNPN7Y6i6A5UeZTDziEXw8lbmps70foNCrXBgo7i6zRxG1+1hMm+e3zy3fJnxHgnB9hgxweRBPTCeL5CbZhm3a7VQY6WjLvikkKgFZkV6iDOS/QikIYhnPn3ytJ9vIYAuTgF/vPVANLCB4hsZzd0sYWkDtXaLU3gA1yGlLuuguNcAj9s/C1vOHiJQ8gR1Xy1xOPPGljzMSShJ/E5WaYwCuL02W3+lbYIsEjAO6ze7PAzxDMuOte/H5x0lYEtKRFfTkkNWVwe5nKLz1BfVcHhvtJpNQRji3ymUpiDBmfTHsq+Ff+wqqt9N6ZCKJ+jIUGvAS0TYjAvrhgK7b+Sund5tpdcPvyeO1j4Ohq73CauF74UsqEkzxdTtsmZy8mCrtv6RtGWLK9akIRb7QIc1YvvGahUFgbOoL0mJIJimVKS4+iggSFo7Xz8VjP5QZmHuDXVda/e+7x1kxYLEoO2URhdhakrbOfmbafkR1jg5mhvhLUUE8BuAkChPXYlRmwFU0jyOuI2PB3ZRnPWRr4YeD95hzRWZKTRlqqP7T117UNhoWhJKs20K/Lt8uR5HK7FQ8FW3wsXHyvou32fWWjlM6SOcT4PPB/mhHQblH/QVvT7HF5hGg8RGRi2HYTItlh4s0bdp1plLByN8pMoihMirxBPCFHyLVZMAouedFII0fJpgMv7kVXTpMW80jIEicqJDsMs87DXevBKPSri150d74N4W5eBXxtYmP8uTdBacq9cHR2TWN7Exqc4SUAY53xvd+bKLI/+L+Mcm6sMzjpoK6W0FyZ1GgGU2fsOO0EkiF7LV/HGvXgD4RrVz0oI5OSi2cMB2fs103r3KNT1jKhm4EOivKB5Wcd90cOZVYn/nxABnxiL9th4k/Rfg87NwAGTZ5GLXiWJM3P6AYV9CxiampYaf0YSwklFVPGIMYvurxHlMB3Mp0wKwL+y++Jj9UqzK5hp++QvH9OgygMcO1iQRFGTSjBx0jcmbUCfzB1mXSkMb/33uoOw9VaBbIT7BZodFkT6C8Ayrgzn1KJIJ38TckK0Wy3BfM+wlhi+fsqMxp+JIjRQvWvkghSObVgst0dTMhXMcAQ53TJEFSLLUJJaKMILuL9H5fdTqgKgZOkuwnazVAWS0nI6zbDIdwWGYaDVAm85e/ouXstLUyun2fyPe6dSSkMRA+CEX2UK887PodvsdJRAHBygPqJX/NQS6jMxaxdEWX6yUPlpTdNxAfRntFL02TKQtoLTBsVphddOBNPhj9Jl2YIrqIkZiDz8u/ayVaumRU+gUhiplKgK7VSxQI3d8qSi5Stblgw4DAgZsT9eTXROqQpxUfuQBcOFVuy9QcUZfrrlVLwinNZKdWjcBuB1y2llxsOEtRerHFjf246d+d4DcFCRShOXN2ezji8Vghefz8F3HU+teDcbOhgIm1LCN6sqPMBpi1JdJJWQMrCNxfxQDsVcsYtt1myjl6YyKKNxFgxmmbr+6HVSKMxjlTUmx7yyntUPJ1XG1nZHoS6kKvm9Z4c6c1YBT1XHXRMtDcQN8ljO5eEOOL9m3TZslRRRLUUg12ZIO6cCzcnIK3tfq5j4r/Qzsxv30x65W8HPAK3cZPngMXIDsia4Gh1nivMAHLY41YViyXHjX7U9AqrjW7yPv1QL7aa1uiqD+lDFwvZy+pCt665osKlm2TA7PYUktfTqYGeSs46GoRDXVp1dTdNe9TT5JIsGVGqHEXUJkyzgOUHSQeeHqODdJDD0KDke0O9AODopwHcQsOTuI6CBqs6GZNn4NQivEapxaYHDO3F6HVs5NV0EE1QhNbu0a0HiaD4lX77CW7TforgiPGSJAf2+FKkaMbKTLhRZSl7UWlF2tfYDb9ObPOKcWHHEkI1Yl4WrQ9VCRmFu6ErX83K+nFplgdamPCgitZAWjETzrGao4Z5rCaVKaWjUVzsJvP2ek2ObemMTsmwQf0NMLoHD+G/DLJ5iEg1h1s5+FmKG/QcnJMPRWDAlNbhMPwmDEJ0scs9polNloeQ0JvQjrqWMBgOBrUJlGS/A/+f2YtdZVFB5MKyldezofY12O2+mxq6gO2b9q0tjXcXLd9aBgU81eaZWL8waVbtTcqmtz+OBTpGz47W7UkW5kUtglIwWHxcp5sh8h8M6cTlEL7Z0E1/NoAgMobvwpSEvLMPa/U3Tm69eMPxz4p/yIKUnpKEj71JU5PFiO2iVka7F7n9IxJgicgWTt/H39bLeoVcYzGJlz9gfBTKTPeig8mvns9c7pgIzMOwPhoMvnvwjKuJP5AgchDof+gEcMatB+r9bZcP8zOR78WslVXmbU5nB66p/uiJxcVxWGCTcz43/jG3gpSswL7GUpZBe8J22FSUqpySJTrQibl7A5mu4qvixtmDdfPfSrB199q+SrL7lBAOc2TzZ7CQAlIA/VdceVMHmLUGSbrogG8cbmyF4I3OgoiFhf1wgDgFSZPDK5ZNbyFwdJmeXkOoSMa0YMg0KSGOweuIdNt/BMtCq80HY6X/p4yFOpiukVyv2qqn9jBCVn41UsU0u7aQDeqNPQsaL8C8t/yROvhFhq2CystcFNqs8XxWJZ8DFKKwxIzLCnZZUsqWZRGX28Bnt0VAHEgSKBbtDRJtTC1Yvrvyhe/CmY0fDof3dOTSWi4qKRBGQZn7RH4xlcX+PwNUPs3R/Ll//8tAZwuVY9Jj0XNi9VyuIS9/bBQ2Tg+SSoPL9yYNXowyO0PSFZCEilZwVDo0+jGSNNMMaAXccfskCKvIqSlePGj/PGEEFkfaqSR+310VJjJ+nDPIopzG7kIKFQotxYBshQXt4/8ciy7+0R4Rb0oCqB3Zd5Jz14wE0Yn9tfQGgqR4A/Rtj+sIoI1/lPTlH3ZdSgcEmW6fn7qfFC6OtOEgNKrpDzfzEtZ2fD2Z57Xpv12D8UIGxHsJBR4dqb+yTQDq3mGUVjfKbw1UewfJgCjGWjsFDm+PQ+5kGeezz/QtKzQA7eJ6mYxI2bMqbOQ2DJhICj9XNdMrjZM/2ZnqsfqDYZ/GfP87mW+PWAuu9Yp6jqTt9NTXa57a5g8Eqi+JLcatZMfrlSt7q0UF0IdLNxBTq7sWY5nGuXQ0BuD2+9391a+nAiD9vzJePW1HswZMEfGRbExgHlonBEVqeexsnFt7IDB6YlEFfY/+JvDgILPWa8XuWpDG/7qfe8pAu6lOfMe5d6xMTTYigu4NMT3pT5f0qUky61OfAi6IVEDKqEey+Nz1sVWdzm7GJknjHIczrnkh376omXufYX07gu3DwC2GK4ueRd5KHgYksj2B1wx3hTibeAZVSfuPQj4XRk41b4mtodKkU3M2PDtEFUrbgYxPhRhCMssHGMrmu6J9hBRvgKtTUVPZmgDaHU1hf4x2f4GDGgupqP/RPKMErQ09n+X4Y6GX3+2wpMYxp/Xeox2Fy1kA8TD4bzfXsNif8sJo6UMS45zbsPG2Wz6Y3qNOXLi1NNWV/fQ5+pQRPpPgYZ/Zk+iSCnrP/xYDkOnt5ozwx5lom1hYnHqpE5wBnZRMVKAYHJv9pGPqt6hwtPdvY4db1aFuwneAyl1FeHRZe16YjSvQGz8X9twlDcGp6pj/OD/KBwWxA7JdSs0fWmBvMDaSyGkr4cRAlupThEA6j4ko9l5Cxkz1JRJ6V4a7V5PDLQO5BO3ndKrA4p/XTiH8gpXaTyIY7WCLIwKzebpQ7TD4X9XcYLW98C+iMyNC98q5YG25ADrokoUcaJnL0isHaGpgRNlFW/3aVf1HffShUDStr8I8kt7D7bYHd3Sd6XW7NU5Lv9JvJhnEw5sFOUNT7xrs5ZfbUIerwrYnDXgqeX+bqlrqGCqDvgpnVA8PmOORAb+vJVzdaGNTAWzK9PmM9r0sSeWiShgUXZD3pATgl1z9LHtsvzPzkgoZPrL0r/APE2wWgA5q1RZekiF99YNDwzesX3B1fk/01711oljTTNDF3hpL/L8cPLImaOZ98oef679NH2yqVzacEHe3hjSBkrlzjEJYv491+kYpEppHtGuFOj0LOZapSbdnwAeVMmYy5azPKRjlX2zUwppsf+pSeddooNbUZJYXd69qkjxEgX/1c5EH9njgL5QyX/wfGEYyrCJN1/SrgfVd6ioyz8fBX+M5Uj/3x7+5GfU+z+rMiHW+3WGx6UI34RshVYxQ4rGhcZbb8WbqlxGuVaz4EllbcOqYOHTe7MmVZ1BEWxzImBgwygCmvddevoKcwOxRUXe/hGH8XZaQTv958jHkA/kpcXAUE3rbEymEgY0NL0BSdEoZeEj5xrxXNT8S9l86MKd3pyf58WjRkKJ9Jzq6gdAO2nXrp9M7MXHiEWeJPTLmHgEDiEVxuajfPOjPNvRMkQ9Lq+XkR181S4CK1jSkgyJU+P//PNDE3LG4iq1eKZqHJAayJN2PwoCw8BA2yLyqtnyBCM0qOW1eE2kIgwVk4Y8oJEItP8lY94rhmR8YUzk2ed98ikNIiDxYvGe3xSQxEfSfSgP507UClbR3lXSbDPqoiy6EuBnhuSSaUshk85FmD/WSrUdwtWoOL7Tc7Ray7fH8jgqRmalNHcfGQXWtHWVvVAixvVMSwS49dI8WXz1EPGob3Huhhi4f0teb1ai+Y2LlcKrHZJfmGBs+hoP4mB2FetbM9nFBf5GrV1wHD5AU8u5QsXlEeghvWJoibYqebPY905PyfPqVzCeF5wCjVlXi0w4erLzdIXeTzVyphkLM/R4I5PBtfeSLdwCtf5Iwsi0dlwLjt+0jJdjXqyaMMK1x1WdHD9dpeIbY8z3TNwwSvOk0/OvstQsvZrxBMyQbPRNw30Ae/YBmiUwH2iAI2QotU5GQ53BlCsOiw2z+CTh7XjwbpeilxKgAPNDZynihCJs4vKQ2mDTtPckTVBqENSX1AhcFqEbZDViK+VClaIAf4Ot7CBhTS1X6peaaEscoAfv+fNr//H1OQ7cvv7GgNJd66aIOJ78l/sFn2zxOz5SF9e+yQAzafVhSZaLg2J68bvVYZalfl+HJARWGEGwcjfBJCSv5S+Y076Sa9DA+U48nbxZG2aGv5fhzPA/HVz4E/+mzi83+yAFOVAhqN40ezkxQG41MK0l1aXO9XjkCfna4OOJ6j4NkfgdSqzT7ga/ulP5/+tCUFTQYNr6Mmv62vren4CwZ7H07eN35ajHcQrBK2+gBl6yMdC6cuoZIYb/Wyl0EGhZg3ocjXHQv76EFy8saFId0/c1jGWgoesTeEfP6iQ0v89LyPjgLTCwNRVKsxQczWZ+M0FATCtdAfw0f7fQXA66/uBVe7gUf1xNEel0wIsbOlYipUciqdO7ql/1Q30QxzTGZ2rzs8vSYnp1XJOJqBD3mR1aIigxNNyElEgPB46INO3Bsw6V7BL2SUWTCRlj6PeUikyQJ4zkbSCih1gAODkikF4KanvXdtQ2AmlnHE2no2CXT8/Gv6Twulb/NOl0MEhEfWgIcc8ljvQpwx+M7lMtKgdJX4Qdv+lBsbPYwiAro9ONAXp9MgKHEbyWWCyAcYzAJoMV59hm7F6DyasaYbQxfSuhHm59uityJXp3fQ48FB2636swdx6bMIn0G5kUb4oRQmjmOeEDziMYO0zfMtZDS3ZZ9zJF2zmrpW3u4+X40AJgJDqn7f6PiTIpmehSHjIvuMH2J6K8b4nWvTCD+Ew8GQDRxNEPkxUBSjFShd5g64BYtQi4SR5Runo0ms+KvRNaFyHgHCgicRGUmDpREf0uYu3eh1MZ/+9FAIMiTTbDl1gPkxx5m4AbVY1ZHfmXM3Rie3/6MUWwbRQnTTIRbvlDg3D/2SOctw6KjVNnQ42u4eLuCFGFQ1IE9FTgN9Dr0/zu/yOhqGoMkCCnTBBWhZABWURZgL9YzH3gcIZQtGihKzeQvUqSvBr8AksKiH918zT4e4rzRvYTtGqQMb8m7iTvw/JkP8/GNA0kbecrjIRxbGBalV2ZUik3cU0ZrjkrNRwsV6KoUTPbLYSl1paHNqenO+9/LP+yotYUn+wclO8ACZAWkCLnIEj1/L9frSVSNfP8VKfMhht4mqNk3ebr/g7O2ckApZYqnsHima94GJEqKi/SIEnXNgj59lGYvkfG2eI2V5n/hOm6IB5RORm/N6z0B2m6YAZ1sDUUusGthoxti5gbIToyeTzIFmffZ3AvbJNBxf86T3NNPCsqiyGc44eQddAByCG7FbUpOQyqQIfcmqM2b7mk0KdvovXqdvS5jdNeKnf4o/5OZ8xf2DdAn1oRLpWuzFomxsmtLsRJrVXLp4oTWBcrvbmEgKcYoRfBuF1ZiOtF8CPC3pk3V/GSqrlUaAZkLnKTD4uFImoKFk2R+DcKVG5aWvRxY36EV1+ek2Ckx0/wngiXP/qskYhAD1dPylVQg9ZFZaxlgjRLvzRwNCbMABuw+DMkueUpG9LyGu7TtGLkSc82DZJ93F37MlhXDNoeaEeqC7hTpF4yAO56852CbS0eEuQeXe6wqXPmc5W+1LQepcMW1k3glC390wfErwy8j70csefpBk57ZqTwptTzDia7njF4R1ATINdALNnm+oDbBVXRx7KfBI1kil+xzt8CW1VRYxn+aLEbaBeDq6TvMvvfbB/OpR+HItXXTjjdZ2rnPH3tcw14tP2QA5mbhR+PeJcQM3akLVYtla8XCYfAGDIxm8Gvh/eWEoecFqwMlbGX5NMtiSyxlYz+KBPaKtTA5+Ln9JMlbG0T9Bc9h4KbfO1Szrv7Pc4SorjhUEXo2gCPbe8XTLazu9hzd7N6RKpwWNrhar3+kS5ZtoHleKaDs2ykZql9UIfl0epZpNaXd7uj0BLVJvvzAUHOmufou4YGnm7Z4tEMi+NG7lwwulFpN+0uzodDwZ0bvw919Yf+TESJYit7wW0AYpfeJ9UVxl3hFqsjHnFMj70RM43tgRGmfCmaUDoFGiCoIaawQ4W8Vhi7awPVhl/MtSZ0ulxE4Recj34EYkPKi73HG6ytVs0xTyYrNV/UTQtMO7lgNUTRxBrZNErpDAluOuDov0LBbESXpm7oqbdalWH8YVJ/gSrd6goxrG7jerhKymMWnxxKrphirIGIrxgKPbyzoPIIHvBcXyLiAPUx73NnvOyHZVeJnh3bLVH9zPSY8atWOleuMBmLzILUFDf5T2I1PwmYFamU7OudJszdW/OuF/JPWok0358yhmFIvODt5zDaKTCbHVqN/Dqckg8Cn0bBoCCluDKHi5WdC40483kTebNWqMC4ps5n44teJImxA7SXfSTEpCrWRZ87a+f7w7GsWUCg10VzTFR/+Gao9hggYKkwAc7SgzCW6wvvWdayey3BefIK30mjR+sis/h5DAWQiny3oKWc5/gRI4Mk6ps7rbCzEYeb+8vO9U7p48hTPz3BxGXe/BdE7f4DiKCs/Kk0MFKhFW0zR6xDIrLBQA9ahidm1rZM9Hou09kuN9/cXoB3V9bMbC8BULBD6Yn6tdxQYec+olifZO6hn/JGUNAYBEllkUkDlJJpM8KuG17JOXWiYWgaxSeE6MIKCXXHa7bpd/iVdSysX6zfGHdlcga08kiQJFmK2DPL8PKMs/VEEM+z1Ph2F+rybme3xkV4kYjBbxopCWbl+ntGv74o/+09AevCY1FKw3tZUlfE6DCpCEuL0PsZ7fm+bFBIImLqGNytqOCPQrpzPxNRIBxdNYgyrTEWGWF/s63RJS11psa0cAGNQORDgNWPnF5glylyWBEWP9SPRasDiepRJs+OsaE2dnoc0gehvvpf2zqePt7jlssDdrcWqxTxDV+l97QuIz75hebOTUYiteSxR7aBOMHMJ1YsFQMp4sXrtaE1dF0Mn4O/J9Q9CaGPYDhoUlCNQ1hZMfp8fvFakG9UR2Dl8yeYTNfV3l4oo4HzJLNVwcRC+a6ByliOdCMmVXyDhfbDhQCP9MHEQtLA1+fQQYcizQP9fVvZfLUaZ0cJaANH+9vfzwyUp2IRBe7q1g4LSBN0m6ees5KQontbA9vSFiug6riFVzucoROgDriRSoND4WU+y+Zy1II9/VhBW/Ic37E/vw==</CipherValue></CipherData></EncryptedData></EncryptedStore>
diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/Test/resources/rupert.xml b/mcs/class/Mono.ServiceModel.IdentitySelectors/Test/resources/rupert.xml
new file mode 100644
index 00000000000..e7a20ab9da3
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/Test/resources/rupert.xml
@@ -0,0 +1,149 @@
+<?xml version="1.0" encoding="utf-8"?>
+<RoamingStore xmlns="http://schemas.xmlsoap.org/ws/2005/05/identity">
+    <RoamingInformationCard>
+        <InformationCardMetaData xml:lang="ja">
+            <InformationCardReference>
+                <CardId>urn:uuid:4105d42c-ab63-470b-9c0c-2c067c4dccd5</CardId>
+                <CardVersion>1</CardVersion>
+            </InformationCardReference>
+            <CardName>rupert1</CardName>
+
+            <CardImage MimeType="image/jpeg">/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCACQAIoDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwDpvLzShPWpQOM04CvnGj1ucZsp2zHWnj3p+3NLlJ5yNVxnAoIycd6tbVWAMy9T1qS3hEjLtGcnANWqd3Yh1LK4+xsTOQ7/AHF/U1HcWuxiU5A7VvW8eyNUT7qiqc+0Y+QDk8iuqdBQpnN7Z81zDZeauWNujyNLKoMadj/Ee1PaFJGzkAmnFVDeVu+WPjjue5/z6VypJamsql1ZGfJFtdgPWmiPHvWgVRW+bJApjy26g8ZPpU8vUqNR7GbOmZE9hSrbu/QGrDzorbxGp/Wmtfu3YAVGhupStohv2Mj71RPbxL9+UCmvcDklFNVnuu4AqblKMupK32ZRncT9FqPz4PR/yqpJdu/AqPbcelUXZlu0uGV/KbJHY1pKqnq4FU1XBwBgU/BrRy1M/ZlsNEOu6pBcxqMBMn3qjzikwc80uYXs0zWZvNtUbjknpS2135LbWG4dPpVWCVhaMrKSq88U6zu7EttdxEx/56cUuaXOnExcLRdzodyJErh87uarTct97GexFTwRRMiiFxIn98dKS6jdAq7PmzjHPNenUvKGpw2syhuEO5+uOn1qCKVEQkj86bqFxHbsIVG5+pVeeazHN1dfJnyI/blv/rV5M52djupUeaN2TTaiZrpbZJAGPO2nTQjGaggs7e1BK8seS3Umr0cyz5GRnFTGV9DecVC3KUcbTio34HSpp/lk4qsweRulC3saxd1cru5GcGoVjeZuOnrV5bQDlzmpgoVeOntV7D5kVY7ZI+2T61NsH90U8DJp+2jchsZ3p4OaYRxTk605bh0DHOc1JjOOM0grQ0qGMyGeZsLGcKv95qqnHmkkZ1J8sbl2HT/JtkjZv3jcsPSnS28MS7ZgpB/vDNRat4h0nQl83ULsRybcrCvzSN+FcHL4xutdkb+zoXsrbODIWzI/4/w13zhCnHU46UKtaVkdXfT6NYMVVWab+5FlTn8Olcrqmta3csEtr1rOEHgBzI//AH0aIopHXZBGzHqxHX8azrh2jk2uhUjsetcftZX0PcpZfTivfd2Sx6pqVt964jmPcsuCatxeKAi/6TbuD6od2awkjuLoM8MbOq9SOlVpmlhbbNGy/UVHs1J6mk6cFojs4tbs7m2E+/y0LbRv459KtQ3ibwySrwex5rzdzG0isVBxXomky2WradC91bRyTxfKXI5OOmaidFR1Ryy0Wq0NO5kM4RyE6dVHWmnAAx0p0hXACjA7AUzPrWSZj00GMwzSE/KaUjJpCMnFO5VkCY60u5fU0YwOlNx9aq4uVMOq4pEOPel70w5HSrn3CI9pVBx3p4uTBHJJHkMEPIPI4quuCvvT4v4lprQTj3PP7uNJZJXf53kPLNySfetu1t0t4IbWEfMcD8agv9DuYb0PGm+3L5yO31qyWkW5jaJGdlcEBRurScr2R3YZRSbRvTzw2UHkxrhR6Dr9aw7u+aZsMqOP9sBsVS8RtqDRN9mhfzD2ZTnFQ6RpusPYgz2M5cn+7jAqeR8vNcPbJS5SV5sJ85CqPwFQzFZ4WQnK4qvrnh7WrmJBDbyJ2ZT3qSLSry00sQ7cuqY5NNRSV7i5m5Wsc+JDuxniu38Jy4jkUnqM1wrQvFLsdcMD0Nd74as9umiY5y5P5VVa3IZeR0QmDHGaeapBcc1J5hBBPSuIlw7FjGadjaKRSMZpSc0zNjCDTakY5pmKYxnIOaR+tLmkfjBraewo7iBVJz39qGlWMdD+NRYWTg5B9RT1hRcHlj70ohJD3P7jnrjmrGkwRW1v5uPnk5J9BVZiAMN0pEn8qARscbapOzuWk3HlTNg3gQccVi6pfXkb+faSuxHDRM3B+nvVOfUQCQG4qjLeZ6mk5s3p4eK3LtnqN1zPeTOWf7sfZRTL27SVO2TWZJclu9V3m9TU6s3XLFaFPUrZJVEir8w/Wu2sIRb6dBF02oK4O/1WGx8ppfmBdTtB6jNehRSx3ECTR4KOoYYqqikoo45zTkNI5pjL8tSFQGpxXK1zspOwsHzLjuKnVD0qODAfpWikWRTirnNVnysqGM4qHNaTpFt+Z/wFQfZkP/LOShxsZRqozTQxyhpoRl+6SR6GnZOOldLN0VmOHqVZBjrVeV/mqBZTn2qIo0ZauJOgrE1bW4rN1hkJ3Ebs1oTTrHG0kh2qvJJrznxJqC394ZowQgXaorqo0ed6nPWrKmrrc6IajHcx+ZFIGH8qZ9qHdq88+0TQPuidkPsakGu3ijlg31FbvC9iYYzud8bpc8NVG/1eCyiZ5Hyeyjqa4yXW751xuC59BWc0jyuWdiSe5NOGF11FUxmmhdvtRl1C4Msh4/hHoKu6T4h1DSpvNtbhl9VJyCPpWJnHbj1pwbDV1ezja1jidSTdz1/QPHtjqW2HUNtrcdn/AIG/wrtEXevygkNyp7H8a+bw2DXV+FvGN/ocyJ5jS2efmgY8f8B9K4K+BvrA6aeKezPbEt9vzM2KnWbfnJworP0/UbfWbJLq0mDxn+AHlfY1aAK8sM+3avLd4Oxo3z7k+VIHFNKx5+6PzqpKZWfKTFR/dK0vmN/kUuYFSKS8juKf8oG4ngdzXH3Piy7UYht4UP8A30ax59a1W5bM10+3+4vyivQVJs15lc7OW7gO5lljKeu6s+XWbCEHfcoT6J8x/SuKn1GeIFQuag+3uYySgBPtzVQoO46lSKje5ta5ry3EflQFhEOTnjdXGy3DPLknFLqF1jCBs1mNLnFenCCirI8mU+d3ZJLksRXW+G/CjXwiLqjTSr5g3/ciTONxHcnsK5IvmSvafCZSS1uDEAWKwle2V2DH65rkx9aVKneJ0YWmpy1Ik8C2gHlvf/vSM7fJjx/3zjOPxrkfFHg/7GHeKNElRC/7r7kqjqQP4WHpXeapeahcTy2emRwWzQr58ktwvLN6KB16dfek1kSyeH4prp4nuElRg0Qwpy2P5GvMo4utGUXJ3udUqMZXR4Ow4I70it2NT6jGIdQuET7qyMB+dQwiNrhPNYrHn5iBk4r6BO6ueZJWdiTOec0+M/MOwqBmRZXCElAeCRVuzi82RT2FDdlccItux7p4C0c6X4Zikkx511+8b2HYV0MhbPpXBeCfE3kQDTbpjtX/AFR9PauyGqQPMI/n3NwBtzXgV0+Z3O5U5InKnvTcUsVzbzbgkgcg4ODyKXKetYWNU2eVtGjckYNV2tnJOw59qsEbV3PwtVZbp5PljG1fbqa9YvQr3MQgjMsmG9hWLNc72L4x6e1dDDp9xeBkSNtuPmwOgrldTt5LSd4mHHY1vRa2OLEwlv0M+4m3zEmo4j85J69qCp6mkKMDnaRmuq5yWY4q27rXfeCPEZtWSGT5pEGwLnBkj64HuDyK5Gz02a8RPJkiYtxsLjINa0fg7UpLeWfMIiiBZyHzjHb6/wCIrnrxp1I8smbUpSg7o9Xj13R0m82S+SN1HKTAq4PfIP0FYfivxBBFaiVYvLiHzxI42vPJ2bb/AHR1yetc7Z6Z4ig0+0dNekggmXKDe3yDIBz6df0qrd+GLU3TPe+IY5WZSzS9fm57k5PIxXn08FRpz5r3OuVectkcVM5d2Zjksc5NNMUgTzChCE4Ddq6O5bQtMmBtne6Pl4II4DfX0qpNr4vbhFvLYSWan/UI2zHuD616kZN7I4pR7si0i0trxZI5R+9/hJbFWI4vscrQv94HrXZ6F4F8P+JoUuNA12aC6HLWV5GCw+jKRuH0FaGo/DbWCoAFu5Xo6NWdS9zajOK33OW0+OWSZRDkEc7vSu6snuNO0ifUDK0jY8uIOP4j1P5VDYeDb62jSF3iXPfdkmta/wBPuGvLWwRRHBGmN55Uk/SvPqWbsdynFnPQ6yq4Z42SQdw1XR4uQDH/ALKaytT08Wd9NCzgmNiDjpkVlllz0o9lFl7lyFHuGYOuQB6VZWycMvyxgD25r2KTwJoEhLpatET3jkIrF1Dwtp2k7bu3u5mZW2iJ8EfWumpRnFXOSniISdjFs7dNIsvulp5OWArj/FFlFcgyzQKJHG7iuu1G8EacNjccVyd7efbb0L/CvOK46cpc1z0ZQi42MJdER0jURhY1HAqtqGjK8RGeR90+ldFNKFGKyby8VFI4rojUk3czlRhGNjiHieGRhyCp6ilF1cqpVbiQKecBq0rkK0m8d6rNBHJ22n2rtjNPc8yVGS+FlJppXOWldvcmmHJ71cNkmfv05bWFfvsSarmiR7KoUVXcQqAk1bt7PzH+fgelWE2R/cXHvUcc+WKnipc29jSNFJ3ZpRRywMktvI0bocqytgg+1eheHvilc2qrbeIIXuIxwLmEfOP94d686il+WpkbPWsbvqbyownseyWni7StevC2ltM00K5Imi2jB71Mly99q0BEg2W8qu+eA2K868N2F60puLeXyEYbWbGdw9K7VMouC5JHUiuKq0pGlKg2rHMa1NJe311LGjZaUkY+tZXl33/PNv8Avmu58yMDhRmm+b7LSjVstjpVBrqf/9k=</CardImage>
+            <Issuer>http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self</Issuer>
+            <TimeIssued>2007-04-18T11:08:03.171875Z</TimeIssued>
+            <TimeExpires>9999-12-31T23:59:59.9999999Z</TimeExpires>
+            <SupportedTokenTypeList>
+                <TokenType xmlns="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:1.0:assertion</TokenType>
+
+                <TokenType xmlns="http://schemas.xmlsoap.org/ws/2005/02/trust">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</TokenType>
+            </SupportedTokenTypeList>
+            <SupportedClaimTypeList>
+                <SupportedClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
+                    <DisplayTag>First Name</DisplayTag>
+                    <Description>First Name</Description>
+                </SupportedClaimType>
+
+                <SupportedClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
+                    <DisplayTag>Last Name</DisplayTag>
+                    <Description>Last Name</Description>
+                </SupportedClaimType>
+                <SupportedClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
+                    <DisplayTag>Email Address</DisplayTag>
+                    <Description>Email Address</Description>
+
+                </SupportedClaimType>
+                <SupportedClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress">
+                    <DisplayTag>Street</DisplayTag>
+                    <Description>Street</Description>
+                </SupportedClaimType>
+                <SupportedClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality">
+                    <DisplayTag>City</DisplayTag>
+
+                    <Description>City</Description>
+                </SupportedClaimType>
+                <SupportedClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince">
+                    <DisplayTag>State</DisplayTag>
+                    <Description>State</Description>
+                </SupportedClaimType>
+                <SupportedClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode">
+
+                    <DisplayTag>Postal Code</DisplayTag>
+                    <Description>Postal Code</Description>
+                </SupportedClaimType>
+                <SupportedClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country">
+                    <DisplayTag>Country/Region</DisplayTag>
+                    <Description>Country/Region</Description>
+                </SupportedClaimType>
+
+                <SupportedClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone">
+                    <DisplayTag>Home Phone</DisplayTag>
+                    <Description>Home Phone Number</Description>
+                </SupportedClaimType>
+                <SupportedClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone">
+                    <DisplayTag>Other Phone</DisplayTag>
+                    <Description>Other Phone Number</Description>
+
+                </SupportedClaimType>
+                <SupportedClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone">
+                    <DisplayTag>Mobile Phone</DisplayTag>
+                    <Description>Mobile Phone Number</Description>
+                </SupportedClaimType>
+                <SupportedClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth">
+                    <DisplayTag>Date of Birth</DisplayTag>
+
+                    <Description>Date of Birth</Description>
+                </SupportedClaimType>
+                <SupportedClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender">
+                    <DisplayTag>Gender</DisplayTag>
+                    <Description>Gender</Description>
+                </SupportedClaimType>
+                <SupportedClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/webpage">
+
+                    <DisplayTag>Web Page</DisplayTag>
+                    <Description>Web Page</Description>
+                </SupportedClaimType>
+            </SupportedClaimTypeList>
+            <IsSelfIssued>true</IsSelfIssued>
+            <HashSalt>EMmXS+TVm+GLiJZDSZ7mPw==</HashSalt>
+            <TimeLastUpdated>2007-04-18T11:22:03.875Z</TimeLastUpdated>
+
+            <IssuerId/>
+            <IssuerName>Self</IssuerName>
+            <BackgroundColor>16777215</BackgroundColor>
+        </InformationCardMetaData>
+        <InformationCardPrivateData>
+            <MasterKey>VTH3VHGQd6YTliRZcGiS4JdKcY2ASe9jKr+zu4PP7tc=</MasterKey>
+            <ClaimValueList>
+
+                <ClaimValue Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
+                    <Value>Rupert</Value>
+                </ClaimValue>
+                <ClaimValue Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
+                    <Value>Bonobo</Value>
+                </ClaimValue>
+                <ClaimValue Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
+                    <Value/>
+
+                </ClaimValue>
+                <ClaimValue Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress">
+                    <Value/>
+                </ClaimValue>
+                <ClaimValue Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality">
+                    <Value/>
+                </ClaimValue>
+                <ClaimValue Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince">
+                    <Value/>
+
+                </ClaimValue>
+                <ClaimValue Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode">
+                    <Value/>
+                </ClaimValue>
+                <ClaimValue Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country">
+                    <Value/>
+                </ClaimValue>
+                <ClaimValue Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone">
+                    <Value/>
+
+                </ClaimValue>
+                <ClaimValue Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone">
+                    <Value/>
+                </ClaimValue>
+                <ClaimValue Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone">
+                    <Value/>
+                </ClaimValue>
+                <ClaimValue Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth">
+                    <Value/>
+
+                </ClaimValue>
+                <ClaimValue Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender">
+                    <Value/>
+                </ClaimValue>
+                <ClaimValue Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/webpage">
+                    <Value/>
+                </ClaimValue>
+            </ClaimValueList>
+        </InformationCardPrivateData>
+
+    </RoamingInformationCard>
+</RoamingStore>
+
diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/resources/ChangeLog b/mcs/class/Mono.ServiceModel.IdentitySelectors/resources/ChangeLog
new file mode 100644
index 00000000000..dc037c190fa
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/resources/ChangeLog
@@ -0,0 +1,8 @@
+2007-04-27  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* schemas-xmlsoap-or-ws-2005-05-identity.rnc : TokenService element
+	  also contains UserCredential.
+
+2007-04-18  Atsushi Enomoto  <atsushi@ximian.com>
+
+	* schemas-xmlsoap-or-ws-2005-05-identity.rnc : initial commit.
diff --git a/mcs/class/Mono.ServiceModel.IdentitySelectors/resources/schemas-xmlsoap-or-ws-2005-05-identity.rnc b/mcs/class/Mono.ServiceModel.IdentitySelectors/resources/schemas-xmlsoap-or-ws-2005-05-identity.rnc
new file mode 100644
index 00000000000..fb9548305b0
--- /dev/null
+++ b/mcs/class/Mono.ServiceModel.IdentitySelectors/resources/schemas-xmlsoap-or-ws-2005-05-identity.rnc
@@ -0,0 +1,96 @@
+default namespace = "http://schemas.xmlsoap.org/ws/2005/05/identity"
+datatypes xs = "http://www.w3.org/2001/XMLSchema"
+namespace wst = "http://schemas.xmlsoap.org/ws/2005/02/trust"
+
+grammar {
+
+start = element  RoamingStore {
+  element  RoamingInformationCard {
+    element  InformationCardMetaData {
+      attribute  xml:lang { text },
+      element  InformationCardReference {
+        element  CardId { text },
+        element  CardVersion { text }
+      },
+      element  CardName { text },
+      element  CardImage {
+        attribute  MimeType { text },
+        xs:base64Binary
+      },
+      element  Issuer { xs:anyURI },
+      element  TimeIssued { xs:dateTime },
+      element  TimeExpires { xs:dateTime },
+      element  TokenServiceList {
+        element  TokenService {
+          element  wsa:EndpointReference {
+            element  wsa:Address { xs:anyURI },
+            element  wsa:Metadata {
+              element  mex:Metadata {
+                element  wsx:MetadataSection {
+                  element  wsx:MetadataReference {
+                    element  wsa:Address { xs:anyURI }
+                  }
+                }
+              }
+            }*,
+            element  wsa:Identity {
+              element  dsig:KeyInfo {
+                element  dsig:X509Data {
+                  element dsig:X509Certificate { xs:base64Binary }
+                }
+              }
+            }?
+          },
+          element  UserCredential {
+            element DisplayCredentialHint { any* },
+            credentialElement
+          }
+        }+
+      }?,
+      element  SupportedTokenTypeList {
+        element  wst:TokenType { xs:anyURI }+
+      },
+      element  SupportedClaimTypeList {
+        element  SupportedClaimType {
+          attribute  Uri { xs:anyURI },
+          element  DisplayTag { text },
+          element  Description { text }
+        }+
+      },
+      element  IsSelfIssued { xs:boolean },
+      element  HashSalt { xs:base64Binary },
+      element  TimeLastUpdated { xs:dateTime },
+      element  IssuerId { text },
+      element  IssuerName { text },
+      element  BackgroundColor { xs:int }
+    },
+    element  InformationCardPrivateData {
+      element  MasterKey { xs:base64Binary },
+      element  ClaimValueList {
+        element  ClaimValue {
+          attribute  Uri { xs:anyURI },
+          element  Value { text }
+        }+
+      }?
+    }
+  }+
+}
+
+any-content =
+	element * { attribute * { text }* | any-content* } |
+	text
+
+credentialElement =
+  element  UsernamePasswordCredential {
+    element  Username { text }?
+  } |
+  element  X509V3Credential {
+    # specified in xmldsig schema
+    any-content
+  } |
+  element  KerberosV5Credential { attribute * { text}* } |
+  element  SelfIssuedCredential {
+    element  PrivatePersonalIdentifier { any-content }
+  }
+
+}