This is the highest level (pure service, non-UI) component in the Higgins identity agent architecture. It provides I-Card related services to "client" components (that usually include UI) including:
- Status: available since M0.6
- Language: Java
- Packaging: WAR or OSGI bundle
- Support for "card selector" UIs such as those embedded within HBX or in ISS Client UI. Relies on I-Card Selector Service for matching cards with policies.
- Retrieval where possible of one or more Digital Identities that satisfy the policy of relying sites and systems
- Support for RSS and other data channels between the agent and a relying system
- Support services related to HTML scraping (e.g. in HBX)
- Support services related to HTML form filling (e.g. in HBX)
- Support for i-card management (i.e. create/update/delete)
Support for Token-based RP Interaction Patterns
/** * Given the Relying Party Agent (aka 'Requester')'s policy, identity information * about the requester, and the set of one or more selections that the user * has just made in the ISS Web UI (see userInterfaceRequest), * AND presuming that the protocol involved in interacting with the RPA * requires a security token, request the token that corresponds to the user's * selection(s). * @param Policy - the RP Agent's Relying Party Security Policy * @param Requester - the RP Agent's identity information * @param Selections - the user-selected subset of the UIDs (handles) * contained in the UserInterfaceResponse object returned from * an earlier invocation of 'userInterfaceRequest' * @returns a TokenResponse that contains a ResponseURL and a * Digital Identity token message * The ResponseURL indicates to the HBX client where the security token * should be sent (via, say, a POST method) */ TokenResponse tokenRequest(Policy policy, Requester requester, Selections selections) throws InvalidSelectionException, ProcessingErrorException
Connection to Higgins Client
- Create a new account on the Higgins service registered to the client (e.g. HBX)
- Verification of HBX authentication
- Returns the Terms of Service of the Higgins service (human readable text document)
HTML form filling
If there is a form filling script for the web page currently open in the browser, retreive data from the appropriate I-Card, and pass this data along with the script the client (e.g. HBX) so that the client can fill in forms on that page
/** * Gets a form filling script for the specified site&user * @param page the browser's current URL * @param username the user name * @return a form filling script */ public String getFormFillingScript(String page, String username) throws java.rmi.RemoteException;
If there is an HTML scraping script for the current page, return it to the client (e.g. to HBX) for interpretation/execution.
/** * Gets an HTML scraping script for the specified page * @param page the URL of page to scrape * @return an HTML scraping script */ public String getHtmlScrapingScript(String page) throws java.rmi.RemoteException;
The one client (HBX) among the others (?it needs to specify which one?) captures/generates the HTML script from/for the site and then saves it into the server for the further using.
/** * Sets an HTML scraping script for the specified site * @param page the URL of page * @param script the script body */ public String setHtmlScrapingScript(String page, String script) throws java.rmi.RemoteException;
- Acquire a card
// acquire the RSS feed from the RP site and then // create a new (site-specific) I-Card whose attributes are defined in the feed acquireICard(String subscribeURL)
- Create an RSS-SSE feed that publishes the minimal subset of attributes required/supported by the RP site from the appropriate I-Card. If available, subscribe to a reverse RSS-SSE feed and use the data to update the a site-specific Card I-Card.
OpenID 2.0 Support
- <to be written>
Sign-on Confirmation Notify
// Locate the URIICard-type I-Card whose URI matches 'cref'. If no such // card exists, create it. Find the Digital Subject whose unique identifier // is 'cuid'. On the uniqueIdentifier attribute value itself: // (1) if 'success' is true, add/update to "now" the // the lastVerifiedFromSource metadata property's timestamp and // (2) add/update the lastVerifiedAttempt metadata property's timestamp // to "now". void connectionNotify(ContextRef cref, String cuid, boolean success)
- The Higgins browser extension invokes this method after it has attempted to use the username 'cuid' at the website 'cref' with the password (retrieved from the browser's password manager) along with a HTML scraping script retrieved from RP Protocol Support to sign in to this site.
Sign-on Confirmation Verify
/** * The RP site invokes this method to verify that user really has an account on the specified site. * @param host The verified site url. * @param username The username to login onto verified site. * @return The result of verification process. */ public boolean connectionVerify(String host, String username)
Creates an ICard object with the given id, and property set.
/** * Web service operation creating a new card * @param userId user name(id) * @param password user password * @param id i-card id * @param properties i-card properties */ public String createICard(String userId, String password, String id, String properties) throws RemoteException;
In general, creating a connection to a RP site, gets RSS feed that is representing i-card, and creates appropriate card.
/** * Web service operation to acquire the i-card from RP site. * @param userId user name(id) * @param password user password * @param subscribeURL URL of the site from where i-card will be acquired */ public String acquireICard(String userId, String password, String subscribeURL) throws RemoteException;