
Difference between revisions of "HBX Microsoft CardSpace Support"

m (logo, category)
 
Line 1: Line 1:
{{#eclipseproject:technology.higgins}}
+
{{#eclipseproject:technology.higgins|eclipse_custom_style.css}}
 
[[Image:Higgins_logo_76Wx100H.jpg|right]]
 
[[Image:Higgins_logo_76Wx100H.jpg|right]]
 
HBX supports the Microsoft-defined CardSpace web integration flow described in [http://msdn.microsoft.com/winfx/reference/infocard/default.aspx?pull=/library/en-us/dnwebsrv/html/infocardwebguide.asp this paper]. When the user points their browser at a website, HBX parses the HTML looking for embedded indicators of the security policy of the website, that in this case is acting as a [http://www.identitygang.org/RelyingParty Relying Party] Agent (RPA). The security policy indicates the [http://www.identitygang.org/DigitalIdentity Digital Identity] (DI) that the website desires or requires in order to authenticate or otherwise interoperate with the user.
 
HBX supports the Microsoft-defined CardSpace web integration flow described in [http://msdn.microsoft.com/winfx/reference/infocard/default.aspx?pull=/library/en-us/dnwebsrv/html/infocardwebguide.asp this paper]. When the user points their browser at a website, HBX parses the HTML looking for embedded indicators of the security policy of the website, that in this case is acting as a [http://www.identitygang.org/RelyingParty Relying Party] Agent (RPA). The security policy indicates the [http://www.identitygang.org/DigitalIdentity Digital Identity] (DI) that the website desires or requires in order to authenticate or otherwise interoperate with the user.

Latest revision as of 09:46, 16 December 2008


HBX supports the Microsoft-defined CardSpace web integration flow described in this paper. When the user points their browser at a website, HBX parses the HTML looking for embedded indicators of the security policy of the website, which in this case is acting as a Relying Party Agent (RPA). The security policy indicates the Digital Identity (DI) that the website desires or requires in order to authenticate or otherwise interoperate with the user.

<object> tag Support

HBX looks for the <object> tag of type application/x-informationCard, requests an appropriate Digital Identity token from the Higgins server, retrieves it and posts it to the RPA.

In addition to detecting the <object> tag as before, this version also parses and captures each of the parameters and their values (see the example below) and passes them along to a Higgins server. This has been added in order to support work on the server related to integrating an STS for upcoming demos next week. This version also passes along the website's SSL certificate to the Higgins server.

      <OBJECT type="application/x-informationCard" name="xmlToken">
         <PARAM Name="tokenType" Value="urn:oasis:names:tc:SAML:1.0:assertion">
         <PARAM Name="issuer" Value="http://schemas.microsoft.com/ws/2005/05/identity/issuer/self">
         <PARAM Name="requiredClaims" Value="http://schemas.microsoft.com/ws/2005/05/identity/claims/givenname,
               http://schemas.microsoft.com/ws/2005/05/identity/claims/surname,
               http://schemas.microsoft.com/ws/2005/05/identity/claims/emailaddress">
      </OBJECT>

Binary Behaviors Support

NOTE: We PLAN support for binary behaviors very soon, but as of version 0.4.8 it is NOT supported.

Microsoft's new http://sts.labs.live.com uses the "binary behavior" option instead of the <object> tag described above. Here is a sample page:

   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   <html xmlns="http://www.w3.org/1999/xhtml" xmlns:ic>
   <head><title>Microsoft Live Labs Relay Service: Downloads</title>
   <link href="App_Themes/site_styles.css" rel="stylesheet" type="text/css" />
   <ic:informationcard
     id='infocardBehavior'
     name='infocardBehavior'
     style='behavior: url(#default#informationCard)'
     issuer='http://sts.labs.live.com/trust/InfoCard'
     tokenType='http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1'>
   <ic:add claimtype='http://schemas.microsoft.com/ws/2005/05/identity/claims/privatepersonalidentifier' optional='false' />
   </ic:informationcard>
   </head>
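
The policy-parsing step described in the two sections above, as an added example (this is not HBX code): a Python parser that extracts the issuer, token type and claims from both the <object> form and the binary-behavior form shown on this page. It goes beyond what HBX 0.4.8 supports by also reading the binary-behavior element; the function names and dictionary keys are this example's own, and only the fields that appear in the page's samples are read.

```python
import re
from html.parser import HTMLParser

IC_OBJECT_TYPE = "application/x-informationcard"  # matched case-insensitively
SCALARS = {"tokentype": "tokenType", "issuer": "issuer"}  # allow-listed PARAM names

def new_policy(form, issuer=None, token_type=None):
    return {"form": form, "issuer": issuer, "tokenType": token_type,
            "requiredClaims": [], "optionalClaims": []}

class InfoCardPolicyParser(HTMLParser):  # one policy dict per information card element
    def __init__(self):
        super().__init__()
        self.policies, self.current = [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # html.parser lowercases tag and attribute names
        if tag == "object" and a.get("type", "").strip().lower() == IC_OBJECT_TYPE:
            self.current = new_policy("object")
        elif tag == "ic:informationcard":
            self.current = new_policy("binary-behavior", a.get("issuer"), a.get("tokentype"))
        elif self.current is None:
            return  # PARAMs of unrelated <object> elements are not policy
        elif tag == "param" and self.current["form"] == "object":
            name, value = a.get("name", "").lower(), a.get("value", "")
            if name == "requiredclaims":
                # The page's sample separates claim URIs with commas and line breaks.
                self.current["requiredClaims"] += [c for c in re.split(r"[,\s]+", value) if c]
            elif name in SCALARS:
                self.current[SCALARS[name]] = value.strip()
        elif tag == "ic:add" and self.current["form"] == "binary-behavior" and a.get("claimtype"):
            optional = a.get("optional", "").strip().lower() == "true"
            self.current["optionalClaims" if optional else "requiredClaims"].append(a["claimtype"])

    def handle_endtag(self, tag):
        if self.current is not None and tag in ("object", "ic:informationcard"):
            self.policies.append(self.current)
            self.current = None

def extract_policies(html):
    """Return every policy on the page, including one left unclosed at end of input."""
    parser = InfoCardPolicyParser()
    parser.feed(html)
    parser.close()
    if parser.current is not None:
        parser.policies.append(parser.current)
    return parser.policies

if __name__ == "__main__":  # constructed input
    print(extract_policies('<OBJECT type="application/x-informationCard"><PARAM Name="issuer" Value="urn:example:issuer"></OBJECT>'))
```

Everything returned here is supplied by the page being visited, so a consumer should treat the issuer and claim URIs as untrusted input when forwarding them to a server.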
