HBX Microsoft CardSpace Support
HBX supports the Microsoft-defined CardSpace web integration flow described in this paper. When the user points their browser at a website, HBX parses the HTML looking for embedded indicators of the security policy of the website, which in this case is acting as a Relying Party Agent (RPA). The security policy indicates the Digital Identity (DI) that the website desires or requires in order to authenticate or otherwise interoperate with the user.
<object> tag Support
HBX looks for the application/x-informationCard <object> tag, requests an appropriate Digital Identity token from the Higgins server, retrieves it and posts it to the RPA.
In addition to detecting the <object> tag as before, this version also parses and captures each of the parameters and their values (see the example below) and passes these along to a Higgins server. This has been added in order to support work on the server related to integrating an STS for upcoming demos next week. This version also passes along the website's SSL certificate to the Higgins server.
```html
<OBJECT type="application/x-informationCard" name="xmlToken">
  <PARAM Name="tokenType" Value="urn:oasis:names:tc:SAML:1.0:assertion">
  <PARAM Name="issuer" Value="http://schemas.microsoft.com/ws/2005/05/identity/issuer/self">
  <PARAM Name="requiredClaims" Value="http://schemas.microsoft.com/ws/2005/05/identity/claims/givenname, http://schemas.microsoft.com/ws/2005/05/identity/claims/surname, http://schemas.microsoft.com/ws/2005/05/identity/claims/emailaddress">
</OBJECT>
```
Binary Behaviors Support
NOTE: We PLAN support for binary behaviors very soon, but as of version 0.4.8 it is NOT supported.
Microsoft's new http://sts.labs.live.com site uses the "binary behavior" option instead of the <object> tag described above. Here is a sample page:
```html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:ic>
<head>
  <title>Microsoft Live Labs Relay Service: Downloads</title>
  <link href="App_Themes/site_styles.css" rel="stylesheet" type="text/css" />
</head>
<body>
  <!-- The information card request lives in the element's attributes (issuer, tokenType)
       and its <ic:add> children (one per claim), not in <param> tags -->
  <ic:informationcard id='infocardBehavior' name='infocardBehavior'
      style='behavior: url(#default#informationCard)'
      issuer='http://sts.labs.live.com/trust/InfoCard'
      tokenType='http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1'>
    <ic:add claimtype='http://schemas.microsoft.com/ws/2005/05/identity/claims/privatepersonalidentifier' optional='false' />
  </ic:informationcard>
</body>
</html>
```
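The policy extraction HBX performs for both the <object> form and the binary-behavior form above, written out as an added example (not HBX's own code). It uses Python's html.parser; the page fragments are constructed from the two samples on this page, and the policy dict keys are an assumption. Because the page being parsed is untrusted, the parser ignores stray <param> or <ic:add> elements that are not inside a card request and treats each element's values as opaque strings.

```python
from html.parser import HTMLParser
# Page fragments constructed from the two forms shown on this page.
OBJECT_PAGE = """<html><body><OBJECT type="application/x-informationCard" name="xmlToken">
<PARAM Name="tokenType" Value="urn:oasis:names:tc:SAML:1.0:assertion">
<PARAM Name="issuer" Value="http://schemas.microsoft.com/ws/2005/05/identity/issuer/self">
<PARAM Name="requiredClaims" Value="http://schemas.microsoft.com/ws/2005/05/identity/claims/givenname, http://schemas.microsoft.com/ws/2005/05/identity/claims/surname">
</OBJECT></body></html>"""
BEHAVIOR_PAGE = """<html xmlns:ic><body><ic:informationcard name='infocardBehavior'
 style='behavior: url(#default#informationCard)' issuer='http://sts.labs.live.com/trust/InfoCard'
 tokenType='http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1'>
<ic:add claimtype='http://schemas.microsoft.com/ws/2005/05/identity/claims/privatepersonalidentifier' optional='false' />
</ic:informationcard></body></html>"""
# <PARAM Name="..."> names (html.parser lower-cases them) -> policy dict keys (assumed names)
PARAM_KEYS = {"tokentype": "tokenType", "issuer": "issuer",
              "requiredclaims": "requiredClaims", "optionalclaims": "optionalClaims"}

class InfoCardPolicyParser(HTMLParser):
    """Hypothetical helper (not HBX's code): one policy dict per card request on the page."""
    def __init__(self):
        super().__init__()
        self.policies, self._cur = [], None
    def _begin(self, form, a):
        # Binary-behavior form carries issuer/tokenType as attributes; object form fills them from params.
        self._cur = {"form": form, "name": a.get("name"), "issuer": a.get("issuer"),
                     "tokenType": a.get("tokentype"), "requiredClaims": [], "optionalClaims": []}
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # html.parser lower-cases tag and attribute names, not values
        if tag == "object" and (a.get("type") or "").lower() == "application/x-informationcard":
            self._begin("object", a)
        elif tag == "ic:informationcard":
            self._begin("behavior", a)
        elif self._cur is not None and tag == "param":
            key, val = PARAM_KEYS.get((a.get("name") or "").lower()), a.get("value") or ""
            if key in ("requiredClaims", "optionalClaims"):  # comma-separated claim URIs
                self._cur[key] += [c.strip() for c in val.split(",") if c.strip()]
            elif key:
                self._cur[key] = val
        elif self._cur is not None and tag == "ic:add" and a.get("claimtype"):
            bucket = "optionalClaims" if (a.get("optional") or "").lower() == "true" else "requiredClaims"
            self._cur[bucket].append(a["claimtype"])
    def handle_endtag(self, tag):
        if tag in ("object", "ic:informationcard") and self._cur is not None:
            self.policies.append(self._cur)
            self._cur = None

def parse_policies(page):
    """Return the Information Card policies a relying-party page advertises."""
    parser = InfoCardPolicyParser()
    parser.feed(page)
    parser.close()
    return parser.policies
```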