Difference between revisions of "Org.eclipse.higgins.rpps"

Latest revision as of 10:26, 12 July 2009

{{#eclipseproject:technology.higgins|eclipse_custom_style.css}}

This component is part of the RPPS Package.

Service

• Responsibilities
  • Support for "card selector" UIs including matching cards with policies.
  • Retrieval where possible of one or more Digital Identities that satisfy the policy of relying sites and systems
  • Support for i-card management (i.e. create/update/delete)
• Dependencies include
  • I-Card Selector Service
  • I-Card Registry
  • User Profile

UI Support

userInterfaceRequest

/**
 * This method takes as input a policy---for example, one that has been retrieved from the Relying 
 * Party Agent (called here the 'Requester')---as well as a description of the 
 * Requester. 
 * 
 * @param Policy
 * @param Requester
 * @returns UserInterfaceResponse
 *  
 * It returns a UserInterfaceResponse object which contains all of the
 * information necessary to construct a user interface for identity 
 * information selection and release. This object contains:
 * - Identity information of the requester (including name, address, CA) if available
 * - Privacy Policy Summary, i.e. a description of the Requester's privacy policy
 * - Information about the user's previously selected options for this policy
 * - Manual selection information (including per claim choices and recommendations 
 *   and images) necessary to display a set of card icons as well as their 
 *   contained claims
 * - warnings about this policy and/or this Requester, e.g. FirstVisitWarning, UntrustedSSLCertificateWarning
 * - and UIDs for each selectable entry (these are handles to the card icons 
 *   and/or individual claims used in 'tokenRequest'
 *
 * The UserInterfaceResponse object should contain all information necessary to display
 * both (a) a user interface which shares the same card metaphor, sequences of 
 * experiences and decision points (the ceremony) of CardSpace and (b) other 
 * interface paradigms to be developed in the future 
 */
UserInterfaceResponse userInterfaceRequest(Policy, Requester)
  throws InvalidPolicyFormatException, UnsupportProtocolException,
  UnsatisfiablePolicyException

Support for Token-based RP Interaction Patterns

tokenRequest

/**
 * Given the Relying Party Agent (aka 'Requester')'s policy, identity information
 * about the requester, and the set of one or more selections that the user 
 * has just made in the ISS Web UI (see userInterfaceRequest),
 * AND presuming that the protocol involved in interacting with the RPA
 * requires a security token, request the token that corresponds to the user's 
 * selection(s). 
 * @param Policy - the RP Agent's Relying Party Security Policy
 * @param Requester - the RP Agent's identity information
 * @param Selections - the user-selected subset of the UIDs (handles) 
 *   contained in the UserInterfaceResponse object returned from 
 *   an earlier invocation of 'userInterfaceRequest'
 * @returns a TokenResponse that contains a ResponseURL and a 
 *   Digital Identity token message
 * The ResponseURL indicates to the HBX client where the security token
 * should be sent (via, say, a POST method)
 */
TokenResponse tokenRequest(Policy policy, Requester requester, Selections selections)
  throws InvalidSelectionException, ProcessingErrorException

Connection to Higgins Client

• Create a new account on the Higgins service registered to the client (e.g. HBX)
• Verification of HBX authentication
• Returns the Terms of Service of the Higgins service (human readable text document)

HTML form filling

getFormFillingScript

If there is a form filling script for the web page currently open in the browser, retreive data from the appropriate I-Card, and pass this data along with the script the client (e.g. HBX) so that the client can fill in forms on that page

/**
 * Gets a form filling script for the specified site&user
 * @param page the browser's current URL
 * @param username the user name
 * @return a form filling script
 */
public String getFormFillingScript(String page, String username) 
  throws java.rmi.RemoteException;

HTML Scraping

getHtmlScrapingScript

If there is an HTML scraping script for the current page, return it to the client (e.g. to HBX) for interpretation/execution.

/**
 * Gets an HTML scraping script for the specified page
 * @param page the URL of page to scrape
 * @return an HTML scraping script
 */
public String getHtmlScrapingScript(String page) throws java.rmi.RemoteException;

setHtmlScrapingScript

The one client (HBX) among the others (?it needs to specify which one?) captures/generates the HTML script from/for the site and then saves it into the server for the further using.

/**
 * Sets an HTML scraping script for the specified site
 * @param page the URL of page
 * @param script the script body
 */ 
public String setHtmlScrapingScript(String page, String script) throws java.rmi.RemoteException;

RSS+SSE Support

• Acquire a card

// acquire the RSS feed from the RP site and then 
// create a new (site-specific) I-Card whose attributes are defined in the feed
acquireICard(String subscribeURL)

• Create an RSS-SSE feed that publishes the minimal subset of attributes required/supported by the RP site from the appropriate I-Card. If available, subscribe to a reverse RSS-SSE feed and use the data to update the a site-specific Card I-Card.

Sign-on Confirmation Notify

// Locate the URIICard-type I-Card whose URI matches 'cref'. If no such 
// card exists, create it. Find the Digital Subject whose unique identifier 
// is 'cuid'. On the uniqueIdentifier attribute value itself: 
// (1) if 'success' is true, add/update to "now" the
//   the lastVerifiedFromSource metadata property's timestamp and
// (2) add/update the lastVerifiedAttempt metadata property's timestamp
//   to "now".
void connectionNotify(ContextRef cref, String cuid, boolean success)

• The Higgins browser extension invokes this method after it has attempted to use the username 'cuid' at the website 'cref' with the password (retrieved from the browser's password manager) along with a HTML scraping script retrieved from I-Card Service to sign in to this site.

Sign-on Confirmation Verify

/**
 * The RP site invokes this method to verify that user really has an account on the specified site.
 * @param host The verified site url.
 * @param username The username to login onto verified site.
 * @return The result of verification process.
 */
public boolean connectionVerify(String host, String username)

ICard Management

createICard

Creates an ICard object with the given id, and property set.

   /**
    * Web service operation creating a new card
    * @param userId user name(id)
    * @param password user password
    * @param id i-card id
    * @param properties i-card properties
    */
   public String createICard(String userId, String password, String id, String[] properties) throws RemoteException;

acquireICard

In general, creating a connection to a RP site, gets RSS feed that is representing i-card, and creates appropriate card.

   /**
    * Web service operation to acquire the i-card from RP site.
    * @param userId user name(id)
    * @param password user password
    * @param subscribeURL URL of the site from where i-card will be acquired
    */
   public String acquireICard(String userId, String password, String subscribeURL) throws RemoteException;

See Also

• I-Card Service Web App