Skip to main content

Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.

Jump to: navigation, search

Difference between revisions of "IPhone Selector 1.1"

m (Components & Services)
m (Processing)
Line 85: Line 85:
  
 
[[Image:icm-sequence.png]]
 
[[Image:icm-sequence.png]]
 
The I-Card Plug-In is a WebKit plugin for MobileSafari written in Objective C. It operates in a similar way as the I-Card Selector, but never leaves the MobileSafari browser application.
 
  
 
===Building===
 
===Building===

Revision as of 10:51, 6 July 2010

{{#eclipseproject:technology.higgins|eclipse_custom_style.css}}

Higgins logo 76Wx100H.jpg

Introduction

This is a standalone iPhone application that can be launched both from the iPhone main menu and from a relying party website. It uses the remote I-Card Service for retrieving and managing the user's i-cards.

End-User Perspective

I-Card Selector

The I-Card Selector allows users to manage, preview and delete i-cards, as well as to select and use them at relying parties (websites). Note: This app only works at relying parties that explicitly support it.

A demo relying party for the I-Card Selector is located at http://www.iphoneicards.com/rp.html

Shot1.png Shot2.png Shot3.png Shot4.png

I-Card Plug-In

The I-Card Plug-In is triggered in the browser by relying party web sites that request i-cards, as well as by identity providers that offer i-cards.

This component does not require any special relying parties or identity providers and typically works wherever other i-card selectors work too. However, it can only be installed on a custom iPhone device with SSH access.

Shot7.png Shot5.png

Deployer Perspective

There are two ways of installing the I-Card Selector on your iPhone.

Via App Store

This is the preferred and simplest installation method. The application can be found in the Apple App Store under the name "I-Card Selector". Or, if you're on an iPhone now click here: itms://ax.itunes.apple.com/WebObjects/MZStore.woa/wa/viewSoftware?id=307416092

Via Ad Hoc Method

This is an installation method that involves connecting your iPhone to your PC / Mac and transferring the application via iTunes.

To prepare for this, you need to download two files to your computer:

  • The application: Download the file dist/ICardManager.zip from the org.eclipse.higgins.iphone.icm project. Unzip this file. You should now have a folder named ICardManager.app.
  • The provisioning profile: Download the file dist/53D2898F-1EAE-4387-9307-DFAB1FFEB9CA.mobileprovision from the org.eclipse.higgins.iphone.icm project.

Now follow these steps:

  1. If you already have the I-Card Selector on your iPhone, uninstall it first (tap your finger on the I-Card Selector icon for about 2 seconds, then tap the (X) symbol).
  2. Connect your iPhone to your computer via USB.
  3. Launch iTunes on your computer. If iTunes asks you to update the "iPhone software", do this.
  4. In the left menu of iTunes, select the "Applications" entry under "LIBRARY".
  5. Now install the provisioning profile (which you downloaded earlier). You can do this by dragging&dropping the file into the main area of the iTunes window (assuming that "LIBRARY" > "Applications" is selected on the left). If iTunes warns you that this provisioning profile exists already, click "Replace".
  6. Now also drag&drop the application folder (which you also downloaded and unzipped earlier) into the same main area in the iTunes window. The "I-Cards" application should now be visible in the main area.
  7. In the left menu of iTunes, select the "iPhone" entry under "DEVICES".
  8. In the main area of the iTunes window, select the "Applications" tab. Make sure that the settings "Sync applications" and "All applications" are enabled.
  9. In the bottom right corner of the iTunes window, if there is an "Apply" button, click it. If there is no such button, just continue with the next step. If iTunes displays one or more warnings, acknowledge them.
  10. Now, in the bottom right corner click the "Sync" button. Now the provisioning profile and the application will be installed on your iPhone.


Configuration

Once I-Card Selector is installed it's being initialized with a demo account that contains a few example i-cards. If you have your own i-card account you can configure the I-Card Selector to use it via the iPhone Settings applications.

Shot23.png

Developer Perspective

Architecture

Iphone-selector-1.1.102.png

(Diagram Key)

Components & Services

Components:

Services:

Processing

The I-Card Selector is a standalone iPhone application written in Objective C and based on the Apple iPhone SDK.

This sequence diagram illustrates a typical flow when the I-Card Selector is launched from a web page:

Icm-sequence.png

Building

The projects are:

  • apps/org.eclipse.higgins.iphone.icm
  • apps/org.eclipse.higgins.iphone.ics

These projects can be checked out from the Eclipse repository at the following SVN URIs:

https://dev.eclipse.org/svnroot/technology/org.eclipse.higgins/trunk/app/org.eclipse.higgins.iphone.icm https://dev.eclipse.org/svnroot/technology/org.eclipse.higgins/trunk/app/org.eclipse.higgins.iphone.ics

In order to build the iPhone Selector and I-Card Manager, you need the following:

  • A Mac computer
  • The Apple iPhone SDK (including Xcode)
  • An account with Apple's iPhone Developer Program

You should be able to build both projects normally from within Xcode

Relying Parties

This section describes how relying party websites can use the iPhone I-Card Selector and I-Card Plug-In.

I-Card Selector

The I-Card Selector does NOT recognize the usual <object> tag in i-card relying party websites. Therefore it requires a web page to support the following alternative selector invocation mechanism:

If a web page wishes to accept a security token, it needs to construct a special HTML link whose URI contains

  • A custom uri scheme (either icard-http:// or icard-https://)
  • An absolute target address where the web page wants to receive the security token
  • A policy in the form of the usual <object> tag as a parameter named _policy in the query string

URI Format:

icard-http(s)://www.mysite.com/relyingparty?_policy=%3Cobject.....

Example HTML code for invoking a selector in the usual way:

<form method='post' action='https://xmldap.org/relyingparty/infocard' enctype='application/x-www-form-urlencoded'>

    <object type="application/x-informationcard" name="xmlToken">
        <param name="privacyUrl" value="http://xmldap.org/relyingparty/?privacy.txt"/>
        <param name="requiredClaims" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
        <param name="optionalClaims" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender"/>
        <param name="tokenType" value="urn:oasis:names:tc:SAML:1.0:assertion"/>
        <param name="privacyVersion" value="1"/>
    </object>

    <input type="submit" value="Click here to send an i-card">

</form>

Equivalent HTML code for invoking the selector in the iPhone way:

<a href="icard-https://xmldap.org/relyingparty/infocard?_policy=%3Cobject+type%3D%22application%2Fx-informationcard%22+name%3D%22xmlToken%22%3E%3Cparam+name%3D%22privacyUrl%22+value%3D%22http%3A%2F%2Fxmldap.org%2Frelyingparty%2F%3Fprivacy.txt%22%2F%3E%3Cparam+name%3D%22requiredClaims%22+value%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2Fclaims%2Fprivatepersonalidentifier+http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2Fclaims%2Fgivenname+http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2Fclaims%2Fsurname+http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2Fclaims%2Femailaddress%22%2F%3E%3Cparam+name%3D%22optionalClaims%22+value%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2Fclaims%2Fstreetaddress+http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2Fclaims%2Flocality+http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2Fclaims%2Fstateorprovince+http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2Fclaims%2Fpostalcode+http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2Fclaims%2Fcountry+http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2Fclaims%2Fhomephone+http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2Fclaims%2Fotherphone+http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2Fclaims%2Fmobilephone+http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2Fclaims%2Fdateofbirth+http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2Fclaims%2Fgender%22%2F%3E%3Cparam+name%3D%22tokenType%22+value%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A1.0%3Aassertion%22%2F%3E%3Cparam+name%3D%22privacyVersion%22+value%3D%221%22%2F%3E%3C%2Fobject%3E">
Click here to send an i-card
</a>

Relying parties wishing to support both the iPhone I-Card Selector and other selectors should examine the HTTP User-Agent header and then either output the usual <object> tag or the special HTML link.

The good news is that the I-Card Selector will send the security token in the same manner as other selectors do. Therefore a relying party only needs special HTML code where it invokes the I-Card Selector, NOT where it reads and processes the security token.

The I-Card Selector currently does NOT provide a way to import a new i-card into the user's account.

A demo relying party for the I-Card Selector is located at http://www.iphoneicards.com/rp.html

I-Card Plug-In

The I-Card Plug-In does not require any special relying party code. It gets triggered by two events:

  • The presence of an HTML <object> tag of type application/x-informationcard in a web page. This will first ask the user to select an i-card and then send a security token.
  • The download of a .crd file. This will ask the user to import a new i-card into their account.

Therefore, the I-Card Plug-In should work wherever other selectors work too.

See Also

Back to the top