
IPhone Selector 1.1

Revision as of 15:37, 11 July 2009 by Ptrevithick.gmail.com (Talk | contribs) (Architecture)


Introduction

This solution consists of two projects:

  • I-Card Selector (org.eclipse.higgins.iphone.icm) - This is a standalone iPhone application that can be launched both from the iPhone main menu and from a relying party website.
  • I-Card Plug-In (org.eclipse.higgins.iphone.ics) - This is an experimental MobileSafari plug-in that can be launched from a relying party website without leaving the browser.

These two components share common configuration settings but are otherwise independent from each other, i.e. you can choose to install just one or both. Both components use the remote I-Card Service Web App for retrieving and managing the user's i-cards.

End-User Perspective

I-Card Selector

The I-Card Selector allows users to manage, preview and delete i-cards, as well as to select and use them at relying parties.

This component only works at relying parties that explicitly support it. See the Relying Parties section of this page for more information.


I-Card Plug-In

The I-Card Plug-In is triggered in the browser by relying party web sites that request i-cards, as well as by identity providers that offer i-cards.

This component does not require any special relying parties or identity providers and typically works wherever other i-card selectors work too. However, it can only be installed on a custom iPhone device with SSH access.


Deployer Perspective

I-Card Selector

There are two ways of installing the I-Card Selector on your iPhone.

Via App Store

This is the preferred and simplest installation method. The application can be found in the Apple App Store under the name "I-Card Selector".

Via Ad Hoc Method

This is an installation method that involves connecting your iPhone to your PC / Mac and transferring the application via iTunes.

To prepare for this, you need to download two files to your computer:

  • The application: Download the file dist/ICardManager.zip from the org.eclipse.higgins.iphone.icm project. Unzip this file. You should now have a folder named ICardManager.app.
  • The provisioning profile: Download the file dist/53D2898F-1EAE-4387-9307-DFAB1FFEB9CA.mobileprovision from the org.eclipse.higgins.iphone.icm project.

Now follow these steps:

  1. If you already have the I-Card Selector on your iPhone, uninstall it first (tap your finger on the I-Card Selector icon for about 2 seconds, then tap the (X) symbol).
  2. Connect your iPhone to your computer via USB.
  3. Launch iTunes on your computer. If iTunes asks you to update the "iPhone software", do this.
  4. In the left menu of iTunes, select the "Applications" entry under "LIBRARY".
  5. Now install the provisioning profile (which you downloaded earlier). You can do this by dragging and dropping the file into the main area of the iTunes window (assuming that "LIBRARY" > "Applications" is selected on the left). If iTunes warns you that this provisioning profile exists already, click "Replace".
  6. Now also drag and drop the application folder (which you also downloaded and unzipped earlier) into the same main area in the iTunes window. The "I-Cards" application should now be visible in the main area.
  7. In the left menu of iTunes, select the "iPhone" entry under "DEVICES".
  8. In the main area of the iTunes window, select the "Applications" tab. Make sure that the settings "Sync applications" and "All applications" are enabled.
  9. In the bottom right corner of the iTunes window, if there is an "Apply" button, click it. If there is no such button, just continue with the next step. If iTunes displays one or more warnings, acknowledge them.
  10. Now, in the bottom right corner click the "Sync" button. Now the provisioning profile and the application will be installed on your iPhone.

I-Card Plug-In

There is currently just one way of installing the I-Card Plug-In on your iPhone. This is experimental and not recommended.

Manual Installation

This method requires SSH and SCP access to your iPhone as well as some advanced technical knowledge.

  1. mkdir the directory /System/Library/Internet Plug-Ins/HigginsSelector.webplugin/ on your iPhone
  2. scp and unzip the file dist/ics.tgz from the org.eclipse.higgins.iphone.ics project into that directory
  3. chown root:wheel * in that directory
  4. reboot the iPhone

After manual installation, you need to do the following before the I-Card Plug-In will work.

  1. scp the file org.eclipse.higgins.iphoneselector.ICardManager.plist from the org.eclipse.higgins.iphone.icm project into the directory /private/var/mobile/Library/Preferences/
  2. chown mobile:mobile that file
  3. unless you want to use the demo account, fill in your own
    1. I-Card Service URL
    2. I-Card Service Username
    3. I-Card Service Password
  4. reboot the iPhone

Configuration

After installation, the I-Card Selector and I-Card Plug-In are initialized with a demo account that contains a few example i-cards. If you have your own i-card account, you can configure the I-Card Selector to use it via the iPhone Settings application.


Developer Perspective

Architecture

Iphone-1.1.101.png

(Diagram Key)

Components & Services

Components:

Services:

Processing

The I-Card Selector is a standalone iPhone application written in Objective C and based on the Apple iPhone SDK.

This sequence diagram illustrates a typical flow when the I-Card Selector is launched from a web page:

Icm-sequence.png

The I-Card Plug-In is a WebKit plugin for MobileSafari written in Objective C. It operates in a similar way to the I-Card Selector, but never leaves the MobileSafari browser application.

Building

The projects are:

  • apps/org.eclipse.higgins.iphone.icm
  • apps/org.eclipse.higgins.iphone.ics

These projects can be checked out from the Eclipse repository at the following SVN URIs:

https://dev.eclipse.org/svnroot/technology/org.eclipse.higgins/trunk/apps/org.eclipse.higgins.iphone.icm
https://dev.eclipse.org/svnroot/technology/org.eclipse.higgins/trunk/apps/org.eclipse.higgins.iphone.ics

In order to build the iPhone Selector and I-Card Manager, you need the following:

  • A Mac computer
  • The Apple iPhone SDK (including Xcode)
  • An account with Apple's iPhone Developer Program

You should be able to build both projects normally from within Xcode.

Relying Parties

This section describes how relying party websites can use the iPhone I-Card Selector and I-Card Plug-In.

I-Card Selector

The I-Card Selector does NOT recognize the usual <object> tag in i-card relying party websites. Therefore it requires a web page to support the following alternative selector invocation mechanism:

If a web page wishes to accept a security token, it needs to construct a special HTML link whose URI contains

  • A custom URI scheme (either icard-http:// or icard-https://)
  • An absolute target address where the web page wants to receive the security token
  • A policy in the form of the usual <object> tag as a parameter named _policy in the query string

URI Format:

icard-http(s)://www.mysite.com/relyingparty?_policy=%3Cobject.....

Example HTML code for invoking a selector in the usual way:

<form method='post' action='https://xmldap.org/relyingparty/infocard' enctype='application/x-www-form-urlencoded'>

    <object type="application/x-informationcard" name="xmlToken">
        <param name="privacyUrl" value="http://xmldap.org/relyingparty/?privacy.txt"/>
        <param name="requiredClaims" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
        <param name="optionalClaims" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender"/>
        <param name="tokenType" value="urn:oasis:names:tc:SAML:1.0:assertion"/>
        <param name="privacyVersion" value="1"/>
    </object>

    <input type="submit" value="Click here to send an i-card">

</form>

Equivalent HTML code for invoking the selector in the iPhone way:

<a href="icard-https://xmldap.org/relyingparty/infocard?_policy=%3Cobject+type%3D%22application%2Fx-informationcard%22+name%3D%22xmlToken%22%3E%3Cparam+name%3D%22privacyUrl%22+value%3D%22http%3A%2F%2Fxmldap.org%2Frelyingparty%2F%3Fprivacy.txt%22%2F%3E%3Cparam+name%3D%22requiredClaims%22+value%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2Fclaims%2Fprivatepersonalidentifier+http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2Fclaims%2Fgivenname+http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2Fclaims%2Fsurname+http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2Fclaims%2Femailaddress%22%2F%3E%3Cparam+name%3D%22optionalClaims%22+value%3D%22http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2Fclaims%2Fstreetaddress+http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2Fclaims%2Flocality+http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2Fclaims%2Fstateorprovince+http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2Fclaims%2Fpostalcode+http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2Fclaims%2Fcountry+http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2Fclaims%2Fhomephone+http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2Fclaims%2Fotherphone+http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2Fclaims%2Fmobilephone+http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2Fclaims%2Fdateofbirth+http%3A%2F%2Fschemas.xmlsoap.org%2Fws%2F2005%2F05%2Fidentity%2Fclaims%2Fgender%22%2F%3E%3Cparam+name%3D%22tokenType%22+value%3D%22urn%3Aoasis%3Anames%3Atc%3ASAML%3A1.0%3Aassertion%22%2F%3E%3Cparam+name%3D%22privacyVersion%22+value%3D%221%22%2F%3E%3C%2Fobject%3E">
Click here to send an i-card
</a>
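
The link format above can be generated and checked mechanically. The following is an added example, not code from the Higgins project: it builds an icard-http(s) link from a target address and an <object> policy, then parses a link back into its endpoint and policy parameters. The function names, the shortened sample policy and the tokenOverTls field are assumptions made for illustration.

```javascript
// Added example (not Higgins project code): build and check an icard-http(s) link.
const POLICY_TYPE = 'application/x-informationcard';

// Constructed sample policy, shortened from the <object> tag shown above.
const SAMPLE_POLICY =
  '<object type="application/x-informationcard" name="xmlToken">' +
  '<param name="tokenType" value="urn:oasis:names:tc:SAML:1.0:assertion"/>' +
  '<param name="privacyVersion" value="1"/></object>';

// Relying-party side: put the form-encoded policy into the _policy parameter.
function buildIcardLink(targetUrl, policyHtml) {
  const target = new URL(targetUrl); // throws unless the address is absolute
  if (!['http:', 'https:'].includes(target.protocol)) {
    throw new Error('target must be an http or https address');
  }
  const query = new URLSearchParams(target.search);
  query.set('_policy', policyHtml); // serialized with + for spaces and %XX escapes
  target.search = query.toString();
  return 'icard-' + target.href;
}

// Reviewer side: recover the endpoint and the policy parameters from a link.
function parseIcardLink(link) {
  const m = /^icard-(https?):\/\/(.+)$/i.exec(link);
  if (!m) throw new Error('not an icard-http(s) link');
  const url = new URL(m[1].toLowerCase() + '://' + m[2]);
  const policy = url.searchParams.get('_policy');
  if (policy === null) throw new Error('missing _policy parameter');
  const type = /<object\b[^>]*?\btype\s*=\s*"([^"]*)"/i.exec(policy);
  if (!type || type[1].toLowerCase() !== POLICY_TYPE) {
    throw new Error('_policy is not an ' + POLICY_TYPE + ' object tag');
  }
  const params = {};
  const re = /<param\b[^>]*?\bname\s*=\s*"([^"]*)"[^>]*?\bvalue\s*=\s*"([^"]*)"/gi;
  for (const p of policy.matchAll(re)) params[p[1]] = p[2];
  return {
    endpoint: url.origin + url.pathname,
    // Assumption: the scheme after "icard-" is the one the token is sent over.
    tokenOverTls: url.protocol === 'https:',
    params,
  };
}

const link = buildIcardLink('https://xmldap.org/relyingparty/infocard', SAMPLE_POLICY);
console.log(link);
console.log(parseIcardLink(link));
```

A relying party can run its generated links through parseIcardLink before publishing them, to confirm that the endpoint is the intended one and that it uses icard-https.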

The good news is that the I-Card Selector will send the security token in the same manner as other selectors do. Therefore a relying party only needs special HTML code where it invokes the I-Card Selector, NOT where it reads and processes the security token.

The I-Card Selector currently does NOT provide a way to import a new i-card into the user's account.

A demo relying party for the I-Card Selector is located at http://www.iphoneicards.com/rp.html

I-Card Plug-In

The I-Card Plug-In does not require any special relying party code. It gets triggered by two events:

  • The presence of an HTML <object> tag of type application/x-informationcard in a web page. This will first ask the user to select an i-card and then send a security token.
  • The download of a .crd file. This will ask the user to import a new i-card into their account.

Therefore, the I-Card Plug-In should work wherever other selectors work too.
