Difference between revisions of "Org.eclipse.higgins.iss"

(See Also)
(Overview)
Line 1: Line 1:
 
==Overview==
 
==Overview==
The [[I-Card Selector Service]] (ISS) tries to find one or more I-Cards that match the policy it is passed when invoked by the [[ISS Web UI]] or [[ISS Client UI]] on behalf of some relying party
 
  
'''Understanding the relying party's policy'''
+
// Iterate through cards in the [[I-Card Registry]], use Policy engine
 
+
// to examine the supported claim of each to find one or more cards that
ISS is invoked by either the [[ISS Web UI]] or the [[ISS Client UI]] on behalf of a Higgins client. Let's first look at the case of the special Higgins client called the [[Higgins Browser Extension]] (HBX). When, as controlled by the user's brower, HBX lands on a new site, HBX discovers the site's policies. Some of these policies are related to authentication, others are related to other kinds of allowable/supported identity exchanges (for which the term ''policy'' often seems a bit awkward, but we use it all the same). HBX invokes the [[ISS Web UI]] in the attempt to satisfy the site's policy. The policy states what kind of digital exchange protocols, payloads (e.g. token types, RSS feeds), etc. that it supports as well as the required claims and/or the required claimants and/or issuers of these claims.
+
// singly or together satisfy the policy. Invoke the [[ISS Web UI]]  
 
+
// if 'hbx' is true, else the [[ISS Client UI]] to display all cards
Analogously, a non-HBX Higgins client (e.g. an enterprise service, RCP app, etc.) may require the user to authenticate into the application. This client would invoke [[ISS Web UI]] or [[ISS Client UI]], passing in its authentication policy and attempting to fine one or more [[I-Card]]s that satisfy the policy.  
+
// highlighting matching card(s). After user selects card(s),  
 
+
// getDigitalIdentity from the card(s) (if it/they are TokenCards).  
'''Matching against the user's [[I-Card]]s'''
+
IDigitalIdentity getDigitalIdentity(RPSPolicy policy, boolean hbx)
 
+
With the RP policy in hand, the ISS iterates through the cards in the [[I-Card Registry]] invoking isMatch method on each and making the RP policy available as a parameter. The result is a subset of zero or more I-Cards that match.
+
// (Presuming that only one card matched, and of course that the
 
+
// card was a URICard for which IdAS can connect and open a Context)
'''Displaying the I-Card Selector'''
+
// Return the Context of the selected card.
 
+
IContext getContext(RPSPolicy policy)
Depending on the results of this matching process and the I-Card's release policy, the ISS Web/Client UI may display an I=Card Selector visual interface. Some or all of the user's I-Cards are displayed in this UI with all but the matching I-Cards greyed-out (diabled). The user can review the relying party's required claims, review the claim data that they may be about to release, etc. Unless the user cancels out of the interaction the user clicks on one of the non-greyed-out cards and thereby approves the release of the digital information.  
+
 
+
// Return a URI to a network endpoint (e.g. an OpenID IdP) that the
'''Releasing digital information'''
+
// RP will interact with directly --Higgins steps out of the flow
 
+
URI getURI(RPSPolicy policy)
If the user clicks on a card, then ISS Web/Client UI will invoke one of the I-Card's methods (e.g. getDigitalIdentity() or getURL(), etc.) to retreive the information that it will convey/transmit to the Higgins client.
+
  
 
==Service==
 
==Service==
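Review bot: The comment above getContext(RPSPolicy policy) presumes that exactly one card matched and that it is a URICard, but neither it nor getURI says what is returned when zero or several cards match, or when the selected card is a TokenCard; state the result for those cases in the comments. getContext and getURI also omit the 'hbx' flag that getDigitalIdentity takes, so it is unclear which UI they invoke. The revision also drops the prose describing the user reviewing the required claims and approving the release, which the new comments reduce to "After user selects card(s)"; keep that approval step documented next to the API.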

Revision as of 01:42, 14 December 2006

Overview

// Iterate through cards in the I-Card Registry, use Policy engine
// to examine the supported claim of each to find one or more cards that 
// singly or together satisfy the policy. Invoke the ISS Web UI 
// if 'hbx' is true, else the ISS Client UI to display all cards
// highlighting matching card(s). After user selects card(s), 
// getDigitalIdentity from the card(s) (if it/they are TokenCards). 
IDigitalIdentity getDigitalIdentity(RPSPolicy policy, boolean hbx)

// (Presuming that only one card matched, and of course that the
// card was a URICard for which IdAS can connect and open a Context)
// Return the Context of the selected card.
IContext getContext(RPSPolicy policy)

// Return a URI to a network endpoint (e.g. an OpenID IdP) that the
// RP will interact with directly --Higgins steps out of the flow
URI getURI(RPSPolicy policy)

Service

  • ISS API
  • Requirement: ISS needs to run in both normal and headless modes. Headless mode means that a web or rich client UI is not available, and that all (if any) matching i-cards should be returned based on a given "input" policy.
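
The headless requirement and the "singly or together satisfy the policy" comment above, sketched as an added example that is not Higgins code. The Card record, the claim names, and the greedy selection of a covering set are assumptions made for illustration; the real ICard and RPSPolicy types are not shown on this page.

```java
import java.util.*;

// Card and the claim-name sets are hypothetical stand-ins, not Higgins types.
public class HeadlessCardMatcher {
    record Card(String id, Set<String> supportedClaims) {}

    // Cards that each satisfy every required claim on their own.
    static List<Card> matchSingly(Collection<Card> registry, Set<String> required) {
        List<Card> out = new ArrayList<>();
        for (Card c : registry)
            if (c.supportedClaims().containsAll(required)) out.add(c);
        return out;
    }

    // Greedy cover: a set of cards that together satisfy the policy.
    // Empty Optional means some required claim is supported by no card.
    static Optional<List<Card>> matchTogether(Collection<Card> registry, Set<String> required) {
        Set<String> missing = new HashSet<>(required);
        List<Card> pool = new ArrayList<>(registry), chosen = new ArrayList<>();
        while (!missing.isEmpty()) {
            Card best = null;
            int bestGain = 0;
            for (Card c : pool) {
                Set<String> gain = new HashSet<>(c.supportedClaims());
                gain.retainAll(missing);
                if (gain.size() > bestGain) { best = c; bestGain = gain.size(); }
            }
            if (best == null) return Optional.empty();
            chosen.add(best);
            pool.remove(best);
            missing.removeAll(best.supportedClaims());
        }
        return Optional.of(chosen);
    }

    public static void main(String[] args) {
        // Constructed sample registry and policies.
        List<Card> registry = List.of(
            new Card("employer", Set.of("givenname", "email")),
            new Card("bank", Set.of("surname", "postalcode")),
            new Card("government", Set.of("givenname", "surname", "birthdate")));
        System.out.println(matchSingly(registry, Set.of("givenname", "surname")));
        System.out.println(matchTogether(registry, Set.of("email", "postalcode")));
        System.out.println(matchTogether(registry, Set.of("passportnumber")));
    }
}
```

With no selector UI to grey out non-matching cards, the caller of a headless matcher is the only place left to decide which of the returned cards may actually release claims to the relying party.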

See Also
