
Higgins Web Proxy

Revision as of 10:47, 20 January 2009 by Unnamed Poltroon (Talk) (New page: {{#eclipseproject:technology.higgins|eclipse_custom_style.css}} right ==Introduction== The Higgins Web Proxy is a web application which allows users t...)


Introduction

The Higgins Web Proxy is a web application which allows users to access and use their i-cards via the OpenID protocol, without the need for any locally installed selector. This can be useful on platforms where selector software is not available, as well as in scenarios in which the requirement for users to install extra software is considered to be unacceptable.

The main downside of this approach is reduced privacy, since the i-cards of a user become highly correlatable via the OpenID identifier that is being authenticated.

The Higgins Web Proxy functions as an OpenID IdP for use by standard OpenID RPs. It supports the following types of OpenID requests:

  • OpenID Authentication 1.1 and 2.0: This simply authenticates the user, without using i-cards
  • OpenID Attribute Exchange Fetch: This allows the RP to request an i-card from the user
  • OpenID Attribute Exchange Store: This allows the RP to offer a new i-card to the user

The Higgins Web Proxy uses the I-Card Service Web App for retrieving and managing the user's i-cards.

The OpenID identifier (which can be a URI or an XRI) consists of a preconfigured base part, and a dynamic part which directly maps to the user's account name in the Higgins I-Card Service Web App.

For example, if the user's Higgins account name is "joe", then they could use the following OpenIDs:

  • my.server.com/joe - URI form
  • =my*joe - XRI form
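
The mapping between identifier and account name, written out in Python as an added example (not code from the Higgins project): since the dynamic part maps directly to an account name, the reverse mapping only accepts identifiers under the configured base part and rejects dynamic parts that are not a plain name. `SERVER_URL`, `PARENT_XRI`, the function names and the account-name alphabet are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed deployment values (the base parts of the two example OpenIDs above).
SERVER_URL = "http://my.server.com"
PARENT_XRI = "=my"
# Assumption: account names use this conservative alphabet; the page does not
# say which characters the I-Card Service Web App accepts.
ACCOUNT_RE = re.compile(r"[a-z0-9][a-z0-9._-]{0,62}")

def uri_openid(account):
    return SERVER_URL.rstrip("/") + "/" + account

def xri_openid(account):
    return PARENT_XRI + "*" + account

def account_from_openid(identifier):
    """Return the account name behind an identifier, or None if it is not
    under the configured base part or its dynamic part is not a plain name."""
    ident = identifier.strip()
    if ident.startswith("xri://"):
        ident = ident[len("xri://"):]
    if ident.startswith(("=", "@")):            # XRI form
        prefix = PARENT_XRI + "*"
        if not ident.startswith(prefix):
            return None
        dynamic = ident[len(prefix):]
    else:                                        # URI form
        if "://" not in ident:
            ident = "http://" + ident            # scheme-less input such as my.server.com/joe
        base, got = urlsplit(SERVER_URL), urlsplit(ident)
        if (got.scheme, got.netloc.lower()) != (base.scheme, base.netloc.lower()):
            return None
        base_path = base.path.rstrip("/") + "/"
        if got.query or got.fragment or not got.path.startswith(base_path):
            return None
        dynamic = got.path[len(base_path):]
    # Reject "joe/../x", "joe*admin", empty names and anything else unexpected.
    return dynamic if ACCOUNT_RE.fullmatch(dynamic) else None
```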

End-User Perspective

iPhone I-Card Selector

Like other selectors, the iPhone I-Card Selector is triggered in the browser by relying party web sites that request i-cards, as well as by identity providers that offer i-cards.


iPhone I-Card Manager

The iPhone I-Card Manager allows the user to create, manage and delete i-cards.


Deployer Perspective

The Higgins Web Proxy is a Java web application which can be deployed in a standard servlet container.

Configuration

The main configuration file is WEB-INF/application.properties:

  • rpps: This is the endpoint of the Higgins I-Card Service Web App which is used to authenticate users as well as access their i-cards.
  • server-url: This is the absolute URL to the Higgins Web Proxy. You have to set this according to your environment.
  • xri-providerid: The i-number of the parent XRI for your community i-names. This is only needed to support XRI OpenIDs.

Other files:

  • *.jsp: These files can be customized for appearance.
  • top.txt and bottom.txt: These files are included by the *.jsp files and can also be customized for appearance.
  • discovery-uri: This file is served when an OpenID RP performs discovery on a URI OpenID. It can be customized for appearance.
  • discovery-xri: This file is served when an OpenID RP performs discovery on an XRI OpenID. This should not be changed.

URI OpenID Identifiers

After the Higgins Web Proxy is deployed, users can use the following URI identifiers at OpenID relying parties:

(server-url) + '/' + (Higgins account name)

E.g. if the Higgins Web Proxy is deployed at http://my.server.com, and your Higgins account name is joe, then you can use the following URI OpenID identifier:

http://my.server.com/joe

XRI OpenID Identifiers

After the Higgins Web Proxy is deployed, users can use the following XRI identifiers at OpenID relying parties:

(parent-xri) + '*' + (Higgins account name)

E.g. if the parent XRI is =myserver, and your Higgins account name is joe, then you can use the following XRI OpenID identifier:

=myserver*joe

This assumes that the parent XRI has been properly configured to delegate XRI authority resolution to the Higgins Web Proxy, e.g. with a service endpoint like this:

 <Service priority="10">
  <ProviderID>xri://=!89F9.2C84.ACEA.F2F0</ProviderID>
  <Type select="true">xri://$res*auth*($v*2.0)</Type>
  <MediaType select="false">application/xrds+xml</MediaType>
  <URI append="none" priority="2">http://my.server.com/</URI>
 </Service>
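
A deployer-side check of such a service endpoint, as an added Python example (not part of the Higgins code base): it confirms that the element advertises the authority-resolution type, that its URI points at the proxy's server-url, and it flags a plain-HTTP URI, since resolution responses fetched over HTTP can be altered in transit. The function names and finding texts are assumptions; the sample input is the element shown above.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

AUTH_RES_TYPE = "xri://$res*auth*($v*2.0)"

# Sample input: the service endpoint from this page, embedded for the example.
SERVICE_XML = """<Service priority="10">
  <ProviderID>xri://=!89F9.2C84.ACEA.F2F0</ProviderID>
  <Type select="true">xri://$res*auth*($v*2.0)</Type>
  <MediaType select="false">application/xrds+xml</MediaType>
  <URI append="none" priority="2">http://my.server.com/</URI>
</Service>"""

def local(tag):
    # Drop an XML namespace prefix such as "{ns}URI" if the element has one.
    return tag.rsplit("}", 1)[-1]

def check_service(xml_text, server_url):
    """Return a list of findings for one <Service> element (empty = OK)."""
    fields = {}
    for child in ET.fromstring(xml_text):
        fields.setdefault(local(child.tag), []).append((child.text or "").strip())
    findings = []
    if AUTH_RES_TYPE not in fields.get("Type", []):
        findings.append("Type does not select XRI authority resolution")
    uris = fields.get("URI", [])
    if not uris:
        findings.append("no URI element")
    want = urlsplit(server_url)
    for uri in uris:
        got = urlsplit(uri)
        same_host = got.netloc.lower() == want.netloc.lower()
        same_path = got.path.rstrip("/") == want.path.rstrip("/")
        if not (same_host and same_path):
            findings.append(f"URI {uri} does not point at server-url")
        if got.scheme != "https":
            findings.append(f"URI {uri} is not HTTPS")
    return findings
```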

Developer Perspective

Architecture

The Higgins Web Proxy is a standalone web application.

Building

The Higgins Web Proxy projects are:

  • app/org.eclipse.higgins.proxy.web (the Higgins Web Proxy itself)
  • app/org.eclipse.higgins.proxy.test (an example OpenID RP)

These projects can be checked out from the Eclipse repository at the following SVN URIs:

https://dev.eclipse.org/svnroot/technology/org.eclipse.higgins/trunk/app/org.eclipse.higgins.proxy.web
https://dev.eclipse.org/svnroot/technology/org.eclipse.higgins/trunk/app/org.eclipse.higgins.proxy.test

Developing an OpenID RP

The Higgins Web Proxy should work with any standard OpenID RP. For a list of tools for developing such RPs, see http://openidenabled.com/.

Here are a few special notes related to the i-card functionality of the Higgins Web Proxy:

(..todo..)

See Also

Links
