
HBX Microsoft CardSpace Support

Revision as of 15:13, 7 September 2006 by Paul.socialphysics.org

HBX supports the Microsoft-defined CardSpace web integration flow described in this paper. When the user points their browser at a website, HBX parses the HTML looking for embedded indicators of the website's security policy; the website is in this case acting as a Relying Party Agent (RPA). The security policy indicates the Digital Identity (DI) that the website desires or requires in order to authenticate or otherwise interoperate with the user.

<object> tag Support

HBX looks for the <object> tag of type application/x-informationCard, requests an appropriate Digital Identity token from the Higgins server, retrieves it and posts it to the RPA.

In addition to detecting the <object> tag as before, this version also parses and captures each of the parameters and their values (see example below) and passes these along to a Higgins server. This has been added to support work on the server related to integrating an STS for upcoming demos next week. This version also passes the website's SSL certificate along to the Higgins server.

      <OBJECT type="application/x-informationCard" name="xmlToken">
         <PARAM Name="tokenType" Value="urn:oasis:names:tc:SAML:1.0:assertion">
         <PARAM Name="issuer" Value="http://schemas.microsoft.com/ws/2005/05/identity/issuer/self">
         <PARAM Name="requiredClaims" Value="http://schemas.microsoft.com/ws/2005/05/identity/claims/givenname,
               http://schemas.microsoft.com/ws/2005/05/identity/claims/surname,
               http://schemas.microsoft.com/ws/2005/05/identity/claims/emailaddress">
      </OBJECT>

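The parameter capture described above can be sketched as follows. This is an added example, not HBX code: the names `CardPolicyParser` and `extract_policies`, the sample page, and the choice to keep the first value of a repeated parameter are all assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

CARD_TYPE = "application/x-informationcard"  # compared case-insensitively

# Constructed sample page: the <OBJECT> from the example above, plus an unrelated
# <object> and a repeated "issuer" parameter to exercise the edge cases.
SAMPLE_HTML = """<html><body><form method="post" action="/login">
<object type="application/x-shockwave-flash"><param name="tokenType" value="ignored"></object>
<OBJECT type="application/x-informationCard" name="xmlToken">
  <PARAM Name="tokenType" Value="urn:oasis:names:tc:SAML:1.0:assertion">
  <PARAM Name="issuer" Value="http://schemas.microsoft.com/ws/2005/05/identity/issuer/self">
  <PARAM Name="requiredClaims" Value="http://schemas.microsoft.com/ws/2005/05/identity/claims/givenname,
        http://schemas.microsoft.com/ws/2005/05/identity/claims/surname,
        http://schemas.microsoft.com/ws/2005/05/identity/claims/emailaddress">
  <PARAM Name="issuer" Value="http://duplicate.example/issuer">
</OBJECT></form></body></html>"""

class CardPolicyParser(HTMLParser):
    """Collects <PARAM> name/value pairs found inside information-card <OBJECT> tags."""
    def __init__(self):
        super().__init__()
        self.policies = []     # one dict per matching <object>
        self._current = None   # policy being filled, or None when outside one

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # HTMLParser lowercases tag and attribute names
        if tag == "object":
            is_card = a.get("type", "").strip().lower() == CARD_TYPE
            self._current = {"name": a.get("name", ""), "params": {}} if is_card else None
        elif tag == "param" and self._current is not None:
            key = a.get("name", "").strip()
            # Assumption: the first value wins, so a later duplicate cannot override it.
            if key and key not in self._current["params"]:
                self._current["params"][key] = a.get("value", "")

    def handle_endtag(self, tag):
        if tag == "object" and self._current is not None:
            self.policies.append(self._current)
            self._current = None

def extract_policies(html):
    """Returns the captured policies, with requiredClaims split into a list of URIs."""
    parser = CardPolicyParser()
    parser.feed(html)
    parser.close()
    for p in parser.policies:
        p["required_claims"] = [c for c in re.split(r"[,\s]+", p["params"].get("requiredClaims", "")) if c]
    return parser.policies
```
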