How do I use X509SecurityToken as an ActAs token and verify that the caller has the private key?


I have implemented an STS that allows clients to authenticate using X509 certificates. WIF (now built in in .NET 4.5) has an X509SecurityToken class that seems to work perfectly for this scenario. In my case, I would also like to pass an ActAs token, but it seems to me that while ActAs tokens are validated (by a different collection of token handlers), for the X509SecurityToken, this validation does NOT prove that the caller possesses the private key, as it does when the token is used as the message credential.

Is there any way around this? How can I require the ActAs token to prove it has the private key?

Presenting a public key or X509 certificate does not prove I am the holder of the private key.
That is not the purpose.

But a signed certificate also does not prove I am the holder of private key.

If I send you an autographed picture of George W and you verify the signature is authentic and the picture is George W does that prove I am George W?

The way you verify I am George W is you send me a random challenge (in the old days it was called a nonce) and I sign it with my private key.
You then verify the signature using the public key (via the x509 certificate).
The purpose of the certificate is to identify the entity with the certificate not the holder of the private key.
And it really does not verify I am George W.
It just verifies that at the point in time I have the private key.

Really, if authentication were based on a signed certificate, then you could authenticate with any server that authenticated under the misguided assumption that a signed certificate proved I was the holder of the private key.

Your confusion is not limited to PKI but security in general.
To encrypt a channel the encryption key is changed every x period of time.
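The challenge-response the answer describes, as an added example that is not part of the question, the answer, or the WIF API: the verifier issues a fresh nonce, the holder signs it with the private key, and the verifier checks the signature with nothing more than the public key in the presented certificate. The self-signed certificate and the name "demo-caller" are constructed for the demo, and the code assumes .NET Core 2.0+ / .NET 5+ (or .NET Framework 4.7.2+) for `CertificateRequest`.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Proof of possession by challenge-response: the verifier issues a fresh nonce,
// the holder signs it with the private key, and the verifier checks the
// signature with the public key taken from the presented X.509 certificate.
static class ProofOfPossession
{
    // Verifier side: a new random challenge for every attempt, so a captured
    // signature from an earlier exchange cannot be replayed.
    public static byte[] NewNonce()
    {
        var nonce = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(nonce);
        return nonce;
    }
    // Holder side: only a party holding the private key can produce this.
    public static byte[] SignChallenge(X509Certificate2 cert, byte[] nonce)
    {
        using (RSA key = cert.GetRSAPrivateKey())
        {
            if (key == null) throw new InvalidOperationException("certificate carries no private key");
            return key.SignData(nonce, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }
    // Verifier side: needs only the certificate (public key) and the nonce it issued.
    public static bool VerifyChallenge(X509Certificate2 cert, byte[] nonce, byte[] signature)
    {
        using (RSA pub = cert.GetRSAPublicKey())
            return pub.VerifyData(nonce, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }
    static void Main()
    {
        // Constructed self-signed certificate standing in for the caller's certificate.
        using (RSA rsa = RSA.Create(2048))
        using (X509Certificate2 holder = new CertificateRequest("CN=demo-caller", rsa, HashAlgorithmName.SHA256,
                   RSASignaturePadding.Pkcs1).CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1)))
        // Public-only copy: all that presenting the certificate actually hands the verifier.
        using (var publicOnly = new X509Certificate2(holder.Export(X509ContentType.Cert)))
        {
            byte[] nonce = NewNonce();
            byte[] sig = SignChallenge(holder, nonce);
            Console.WriteLine($"challenge answered with public key only: {VerifyChallenge(publicOnly, nonce, sig)}");
            Console.WriteLine($"same signature replayed against a new nonce: {VerifyChallenge(publicOnly, NewNonce(), sig)}");
            Console.WriteLine($"public copy carries a private key: {publicOnly.HasPrivateKey}");
        }
    }
}
```

The public-only copy is the position an ActAs X509SecurityToken leaves the STS in: it can verify a signature over its own nonce, but it cannot produce one, so the token alone proves nothing about who holds the key.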