Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "Org.eclipse.higgins.icard"
(→ICard Interface) |
|||
| Line 5: | Line 5: | ||
All [[I-Card]]s must implement the ICard Interface: | All [[I-Card]]s must implement the ICard Interface: | ||
| − | // | + | //Returns the type of this i-card (e.g. "uri", "cardspace", "idemix", "openid", etc.) |
| − | String | + | String getType(); |
| + | |||
// A card identifier that is unique to the card issuer. Or at least that | // A card identifier that is unique to the card issuer. Or at least that | ||
| Line 12: | Line 13: | ||
// see no reason not to follow | // see no reason not to follow | ||
// Return the identifier string | // Return the identifier string | ||
| − | String | + | String getId(); |
| − | |||
| − | |||
| − | // | + | // The unique identifier of the i-card in the i-card registry. |
| + | // Because different i-card providers could contains i-cards with the same | ||
| + | // ID, it could be difficult to retrieve the same i-card from the i-card | ||
| + | // registry again using i-card ID. | ||
| + | // The UUID must be unique over all i-card providers in the i-card registry | ||
| + | // to allow retrieve the same i-card from the i-card registry multiple times. | ||
| + | CUID getCUID(); | ||
| + | |||
| + | |||
| + | // The version of the card. Useful in subsequent import operations, | ||
| + | // so that cards can be updated or overwritten. | ||
| + | String getVersion(); | ||
| + | |||
| + | |||
| + | //the human friendly name of the card. The only thing that will be | ||
| + | // possible to modify after the import. | ||
| + | String getName(); | ||
| + | |||
| + | |||
| + | // Representation of a background image of the card. | ||
| + | byte[] getImage(); | ||
| + | |||
| + | |||
| + | // The mime type of the background image (JPEG or GIF). | ||
| + | String getImageType(); | ||
| + | |||
| + | |||
| + | // Name of the issuer of the card. Used to match the required issuer, if a relying party specifies an issuer in the policy. | ||
String getIssuer(); | String getIssuer(); | ||
| − | |||
| − | |||
| − | // | + | // The human friendly name of the card issuer |
| − | String | + | String getIssuerName(); |
| + | |||
// Returns when the card was first issued, created, originated | // Returns when the card was first issued, created, originated | ||
Date getTimeIssued(); | Date getTimeIssued(); | ||
| + | |||
// Returns (optionally) the time after which the card should | // Returns (optionally) the time after which the card should | ||
// be considered expired, invalid. Otherwise returns null | // be considered expired, invalid. Otherwise returns null | ||
| − | Date | + | Date getTimeExpires(); |
| + | |||
// If card handles only simple claim types then | // If card handles only simple claim types then | ||
| Line 43: | Line 70: | ||
// the schema of c (retrieved by c.getSchema()) | // the schema of c (retrieved by c.getSchema()) | ||
List getSupportedSimpleClaimTypes() throws ComplexSchemaException; | List getSupportedSimpleClaimTypes() throws ComplexSchemaException; | ||
| + | |||
| + | |||
| + | // List of all possible types of claims (as String) that are supported. | ||
| + | public List getSupportedClaimTypesUris(); | ||
| + | |||
| + | |||
| + | // List of claims provided by this ICard. | ||
| + | Iterator getClaims(); | ||
| + | |||
| + | |||
| + | // Retrieve the value of a simple claim type | ||
| + | IClaim getClaim(String type); | ||
| + | |||
| + | |||
| + | IClaim getClaimByShortName(String shortTypeName); | ||
| + | |||
| + | |||
| + | // Provider of this card | ||
| + | ICardProvider getProvider(); | ||
| + | |||
| + | |||
| + | // | ||
| + | String getDescription(); | ||
| + | |||
| + | |||
| + | // | ||
| + | void setName(String newName) throws CardException; | ||
| + | |||
| + | |||
| + | // | ||
| + | void setImage(byte[] newImage, String newImageType) throws CardException; | ||
| + | |||
| + | |||
| + | // | ||
| + | void setIssuerName(String name) throws CardException; | ||
| + | |||
| + | |||
| + | // | ||
| + | void setExpiredTime(Date date) throws CardException; | ||
| + | |||
| + | |||
| + | // The list of token types could be issued using this card (this method was moved from ITokenCard) | ||
| + | List getSupportedTokenTypes(); | ||
| + | |||
| + | |||
| + | // Indicates that this card has been issued by user (claim values can be editable) | ||
| + | public boolean isSelfIssued(); | ||
| + | |||
| + | |||
| + | // Date when the card was last updated | ||
| + | Date getTimeLastUpdated() throws CardException; | ||
| + | |||
| + | |||
| + | === We need to review the following methods of ICard interface (now are absent) === | ||
| + | |||
| + | |||
| + | // If card is of type (1) then return a [[Digital Identity]] | ||
| + | // that satisfies the policy ''policy'' | ||
| + | // The ''credential'' parameter used to authenticate to the | ||
| + | // Token Issuer--may be null if Token Issuer policy doesn't require it | ||
| + | DigitalIdentity requestDigitalIdentity(Policy policy, DigitalIdentity credential); | ||
| + | |||
// Returns a read-only Context containing one Digital Subject that can be queried for | // Returns a read-only Context containing one Digital Subject that can be queried for | ||
| Line 53: | Line 142: | ||
IContext getDisplayContext() throws NoDisplayContextException; | IContext getDisplayContext() throws NoDisplayContextException; | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
// Return whether the user wishes to be asked for explicit release of | // Return whether the user wishes to be asked for explicit release of | ||
| Line 66: | Line 147: | ||
// the first time it is requested (iii) never | // the first time it is requested (iii) never | ||
ReleasePolicy getReleasePolicy(); | ReleasePolicy getReleasePolicy(); | ||
| + | |||
// Set the release policy of this card | // Set the release policy of this card | ||
void setReleasePolicy(ReleasePolicy) throws CardNotOpenException; | void setReleasePolicy(ReleasePolicy) throws CardNotOpenException; | ||
| + | |||
// Return a list of the types of exported card data stream formats supported | // Return a list of the types of exported card data stream formats supported | ||
// ?? presumably a CardFormat also mentions XML language and/or version number | // ?? presumably a CardFormat also mentions XML language and/or version number | ||
List getSupportedExportFormats(); | List getSupportedExportFormats(); | ||
| + | |||
// Return a data stream containing a serialization of the card | // Return a data stream containing a serialization of the card | ||
| Line 78: | Line 162: | ||
// E.g. CardSpace I-Cards will export CardSpace format data | // E.g. CardSpace I-Cards will export CardSpace format data | ||
String export(CardFormat format); | String export(CardFormat format); | ||
| + | |||
// UPDATE-RELATED METHODS | // UPDATE-RELATED METHODS | ||
| + | |||
// Open the card itself for update. These methods are | // Open the card itself for update. These methods are | ||
| Line 89: | Line 175: | ||
// value of getIssuerURI() | // value of getIssuerURI() | ||
final void open(String editorID); | final void open(String editorID); | ||
| + | |||
// Return true if card is open for update | // Return true if card is open for update | ||
boolean isOpen(); | boolean isOpen(); | ||
| + | |||
// Close a card for update. | // Close a card for update. | ||
void close() throws CardNotOpenException; | void close() throws CardNotOpenException; | ||
| + | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
===To Do=== | ===To Do=== | ||
| Line 114: | Line 190: | ||
* Future: we may want to add methods (analogous to the ones mentioned above) to inform the user about the format of the underlying data (e.g. LDAP, RDF, RDBMS, email contacts, etc.) | * Future: we may want to add methods (analogous to the ones mentioned above) to inform the user about the format of the underlying data (e.g. LDAP, RDF, RDBMS, email contacts, etc.) | ||
| − | |||
| − | All | + | |
| + | |||
| + | ==IInformationCard Interface (extends ICard interface)== | ||
| + | |||
| + | All CardSpace-interoperable cards must implement this interface. | ||
| + | |||
| + | // Random entropy used for computing the PPID claim value for the card | ||
| + | byte[] getHashSalt(); | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | // | + | // Used as the entropy to generate the token signing key |
| − | + | byte[] getMasterKey(); | |
| − | + | ||
| − | + | ||
| − | |||
| − | |||
| − | // | + | // XML representation of the card in RoamingInformationCard format. This Element should be created within the passed Document |
| − | List | + | Element toXML(Document doc) throws CardException; |
| + | |||
| + | |||
| + | ==IManagedInformationCard Interface (extends IInformationCard interface)== | ||
| + | |||
| + | All Managed CardSpace-interoperable cards must implement this interface. | ||
| + | |||
| + | // An ordered list of security token services | ||
| + | List getTokenServices(); | ||
| − | |||
| − | |||
| − | // | + | // Indicates that RST must include information identifying the relying |
| − | // ( | + | Boolean getRequireAppliesTo(); |
| − | String | + | |
| + | |||
| + | // PrivacyNotice XML element as it was imported from xml file | ||
| + | Element getPrivacyNotice(); | ||
| + | |||
| + | |||
| + | ==IPersonalInformationCard Interface (extends IInformationCard interface)== | ||
| + | |||
| + | All Personal CardSpace-interoperable cards must implement this interface. | ||
| + | |||
| + | // The base64 encoded bytes of the SHA1 hash of the pin code | ||
| + | byte[] getPinDigest(); | ||
| + | |||
| + | |||
| + | // Used to edit claim values of the card | ||
| + | void setClaimList(List claims) throws CardException; | ||
| + | |||
| + | |||
| + | // Used to set/remove pin protection | ||
| + | void setPinCode(String pinCode) throws CardException; | ||
| + | |||
| + | |||
| + | // URI of the context where DigitalSubject with claim values of the card is stored | ||
| + | URI getClaimListContextID(); | ||
| + | |||
| + | |||
| + | // ID of DigitalSubject which holds claim values of the card | ||
| + | String getClaimListSubjectID(); | ||
| + | |||
| + | |||
==IURICard Interface== | ==IURICard Interface== | ||
Revision as of 07:21, 21 June 2007
This page describes the two interfaces, ICard and ITokenCard, that all types of Higgins-compatible I-Cards must implement, as well as the optional IURICard interface.
Contents
ICard Interface
All I-Cards must implement the ICard Interface:
//Returns the type of this i-card (e.g. "uri", "cardspace", "idemix", "openid", etc.) String getType(); // A card identifier that is unique to the card issuer. Or at least that // is what we believe the semantics that Microsoft intended and we currently // see no reason not to follow // Return the identifier string String getId(); // The unique identifier of the i-card in the i-card registry. // Because different i-card providers could contains i-cards with the same // ID, it could be difficult to retrieve the same i-card from the i-card // registry again using i-card ID. // The UUID must be unique over all i-card providers in the i-card registry // to allow retrieve the same i-card from the i-card registry multiple times. CUID getCUID(); // The version of the card. Useful in subsequent import operations, // so that cards can be updated or overwritten. String getVersion(); //the human friendly name of the card. The only thing that will be // possible to modify after the import. String getName(); // Representation of a background image of the card. byte[] getImage(); // The mime type of the background image (JPEG or GIF). String getImageType(); // Name of the issuer of the card. Used to match the required issuer, if a relying party specifies an issuer in the policy. String getIssuer(); // The human friendly name of the card issuer String getIssuerName(); // Returns when the card was first issued, created, originated Date getTimeIssued(); // Returns (optionally) the time after which the card should // be considered expired, invalid. Otherwise returns null Date getTimeExpires(); // If card handles only simple claim types then // return a list of all possible types of claims that are supported // throw exception otherwise // This is here for backward compatibility with CardSpace cards // // Note: this is a convenience method that does the equivalent of // c = getContext(); and then (presuming c has a simple schema) // does creates a linear list of claim/attribute types from // the schema of c (retrieved by c.getSchema()) List getSupportedSimpleClaimTypes() throws ComplexSchemaException; // List of all possible types of claims (as String) that are supported. public List getSupportedClaimTypesUris(); // List of claims provided by this ICard. Iterator getClaims(); // Retrieve the value of a simple claim type IClaim getClaim(String type); IClaim getClaimByShortName(String shortTypeName); // Provider of this card ICardProvider getProvider(); // String getDescription(); // void setName(String newName) throws CardException; // void setImage(byte[] newImage, String newImageType) throws CardException; // void setIssuerName(String name) throws CardException; // void setExpiredTime(Date date) throws CardException; // The list of token types could be issued using this card (this method was moved from ITokenCard) List getSupportedTokenTypes(); // Indicates that this card has been issued by user (claim values can be editable) public boolean isSelfIssued(); // Date when the card was last updated Date getTimeLastUpdated() throws CardException;
We need to review the following methods of ICard interface (now are absent)
// If card is of type (1) then return a Digital Identity // that satisfies the policy policy // The credential parameter used to authenticate to the // Token Issuer--may be null if Token Issuer policy doesn't require it DigitalIdentity requestDigitalIdentity(Policy policy, DigitalIdentity credential); // Returns a read-only Context containing one Digital Subject that can be queried for // attribute values that are displayed in the card UI (e.g. the // I-Card Selector Service or I-Card Manager.) // If a card does not support a display context it throws the // NoDisplayContextException. In this case the user cannot see // the values of the supported claim types, only the claim types // themselves. IContext getDisplayContext() throws NoDisplayContextException; // Return whether the user wishes to be asked for explicit release of // this card's information (i) every time it is requested (ii) only // the first time it is requested (iii) never ReleasePolicy getReleasePolicy(); // Set the release policy of this card void setReleasePolicy(ReleasePolicy) throws CardNotOpenException; // Return a list of the types of exported card data stream formats supported // ?? presumably a CardFormat also mentions XML language and/or version number List getSupportedExportFormats(); // Return a data stream containing a serialization of the card // The format depends on the kind of card // E.g. CardSpace I-Cards will export CardSpace format data String export(CardFormat format); // UPDATE-RELATED METHODS // Open the card itself for update. These methods are // used during the creation of a new self-issued card. // Pass the URI of the agent that intends to update the card. // If the editorID matches the issuerID of the card then // update operations are allowed // Throws CardNotOpenException if 'editorID' does not match the // value of getIssuerURI() final void open(String editorID); // Return true if card is open for update boolean isOpen(); // Close a card for update. void close() throws CardNotOpenException;
To Do
- Future: we may want to add methods to the a human friendly text name and an icon that informs the user about the kind of data access "protocol" used (if any) to retrieve the underlying data. Examples of strings might be "LDIF", "OpenID", "WS-Trust", etc.
- Future: we may want to add methods (analogous to the ones mentioned above) to inform the user about the format of the underlying data (e.g. LDAP, RDF, RDBMS, email contacts, etc.)
IInformationCard Interface (extends ICard interface)
All CardSpace-interoperable cards must implement this interface.
// Random entropy used for computing the PPID claim value for the card byte[] getHashSalt(); // Used as the entropy to generate the token signing key byte[] getMasterKey(); // XML representation of the card in RoamingInformationCard format. This Element should be created within the passed Document Element toXML(Document doc) throws CardException;
IManagedInformationCard Interface (extends IInformationCard interface)
All Managed CardSpace-interoperable cards must implement this interface.
// An ordered list of security token services List getTokenServices(); // Indicates that RST must include information identifying the relying Boolean getRequireAppliesTo(); // PrivacyNotice XML element as it was imported from xml file Element getPrivacyNotice();
IPersonalInformationCard Interface (extends IInformationCard interface)
All Personal CardSpace-interoperable cards must implement this interface.
// The base64 encoded bytes of the SHA1 hash of the pin code byte[] getPinDigest(); // Used to edit claim values of the card void setClaimList(List claims) throws CardException; // Used to set/remove pin protection void setPinCode(String pinCode) throws CardException; // URI of the context where DigitalSubject with claim values of the card is stored URI getClaimListContextID(); // ID of DigitalSubject which holds claim values of the card String getClaimListSubjectID();
IURICard Interface
Some types of I-Cards may implement this interface (extends ICard interface). The card object includes a ContextId URI (which may be an XRI) that refers to an identity attribute-providing service (usually a network endpoint). If the Context referenced by ContextId contains more than one Digital Subject then an IURICard must also return a non-null string from getSubjectId().
The I-Card Providers developed as part of the Higgins project use the Identity Attribute Service to connect to the remote (or local) Context data referenced by this ContextId
// Returns the ContextId associated with this card String getContextId(); // Returns the subject represented by this card. // Returns the contextually unique id of a Digital Subject String getSubjectId(); // Returns an IContext // Consumers of this method may or may not be able to edit the contents of // the returned Context. IContext getContext();