
Difference between revisions of "Org.eclipse.higgins.rpps"

(UI Support)
(Sign-on Confirmation Notify)
 
(40 intermediate revisions by 8 users not shown)
Line 1: Line 1:
__NOTOC__
+
{{#eclipseproject:technology.higgins|eclipse_custom_style.css}}
  
==Overview==
+
This component is part of the [[RPPS Package]].
Provides support for Higgins clients, including the [[Higgins Browser Extension]].
+
 
 +
==Service==
 +
* Responsibilities
 +
** Support for "card selector" UIs including matching cards with policies.
 +
** Retrieval where possible of one or more [[Digital Identity | Digital Identities]] that satisfy the policy of relying sites and systems
 +
** Support for i-card management (i.e. create/update/delete)
 +
* Dependencies include
 +
** [[I-Card Selector Service]]
 +
** [[I-Card Registry]]
 +
** [[User Profile]]
  
 
===UI Support===
 
===UI Support===
 
====userInterfaceRequest====
 
====userInterfaceRequest====
  
  // This method takes as input a policy---for example, one that has been retrieved from the Relying  
+
  /**
// Party Agent (called here the 'Requester')---as well as a description of the  
+
  * This method takes as input a policy---for example, one that has been retrieved from the Relying  
// Requester.  
+
  * Party Agent (called here the 'Requester')---as well as a description of the  
//
+
  * Requester.  
// @param Policy
+
  *
// @param Requester
+
  * @param Policy
// @returns UserInterfaceResponse
+
  * @param Requester
//  
+
  * @returns UserInterfaceResponse
// It returns a UserInterfaceResponse object which contains all of the
+
  *  
// information necessary to construct a user interface for identity  
+
  * It returns a UserInterfaceResponse object which contains all of the
// information selection and release. This object contains:
+
  * information necessary to construct a user interface for identity  
// - Identity information of the requester (including name, address, CA) if available
+
  * information selection and release. This object contains:
// - Privacy Policy Summary, i.e. a description of the Requester's privacy policy
+
  * - Identity information of the requester (including name, address, CA) if available
// - Information about the user's previously selected options for this policy
+
  * - Privacy Policy Summary, i.e. a description of the Requester's privacy policy
// - Manual selection information (including per claim choices and recommendations  
+
  * - Information about the user's previously selected options for this policy
//   and images) necessary to display a set of card icons as well as their  
+
  * - Manual selection information (including per claim choices and recommendations  
//   contained claims
+
  *   and images) necessary to display a set of card icons as well as their  
// - warnings about this policy and/or this Requester, e.g. FirstVisitWarning, UntrustedSSLCertificateWarning
+
  *   contained claims
// - and UIDs for each selectable entry (these are handles to the card icons  
+
  * - warnings about this policy and/or this Requester, e.g. FirstVisitWarning, UntrustedSSLCertificateWarning
//   and/or individual claims used in 'tokenRequest'
+
  * - and UIDs for each selectable entry (these are handles to the card icons  
//
+
  *   and/or individual claims used in 'tokenRequest'
// The UserInterfaceResponse object should contain all information necessary to display
+
  *
// both the Cardspace ceremony and other interface paradigms to be developed in the future  
+
  * The UserInterfaceResponse object should contain all information necessary to display
//
+
  * both (a) a user interface which shares the same card metaphor, sequences of
 +
  * experiences and decision points (the ceremony) of CardSpace and (b) other  
 +
  * interface paradigms to be developed in the future  
 +
  */
 
  UserInterfaceResponse userInterfaceRequest(Policy, Requester)
 
  UserInterfaceResponse userInterfaceRequest(Policy, Requester)
 
   throws InvalidPolicyFormatException, UnsupportProtocolException,
 
   throws InvalidPolicyFormatException, UnsupportProtocolException,
Line 37: Line 49:
 
===Support for Token-based RP Interaction Patterns===
 
===Support for Token-based RP Interaction Patterns===
 
====tokenRequest====
 
====tokenRequest====
  // Given the Relying Party Agent (aka 'Requester')'s policy, identity information
+
  /**
// about the requester and the set of one or more selections that the user  
+
  * Given the Relying Party Agent (aka 'Requester')'s policy, identity information
// has just made in the [[ISS Web UI]] (see userInterfaceRequest)
+
  * about the requester, and the set of one or more selections that the user  
// <? AND presuming that the protocol involved in interacting with the RPA
+
  * has just made in the [[ISS Web UI]] (see userInterfaceRequest),
// requires a security token, request the token that corresponds to the user's  
+
  * AND presuming that the protocol involved in interacting with the RPA
// selection(s).  
+
  * requires a security token, request the token that corresponds to the user's  
// @param policy - the RP Agent's [[Relying Party Security Policy]]
+
  * selection(s).  
// @param requester - the RP Agent's identity information
+
  * @param Policy - the RP Agent's [[Relying Party Security Policy]]
// @param selections - the user-selected subset of the UIDs (handles)  
+
  * @param Requester - the RP Agent's identity information
//   contained in the UserInterfaceResponse object returned from  
+
  * @param Selections - the user-selected subset of the UIDs (handles)  
//   an earlier invocation of 'userInterfaceRequest'
+
  *   contained in the UserInterfaceResponse object returned from  
// @returns a TokenResponse that contains a ResponseURL <??> and a  
+
  *   an earlier invocation of 'userInterfaceRequest'
//   Digital Identity token message
+
  * @returns a TokenResponse that contains a ResponseURL and a  
 +
  *   Digital Identity token message
 +
  * The ResponseURL indicates to the HBX client where the security token
 +
  * should be sent (via, say, a POST method)
 +
  */
 
  TokenResponse tokenRequest(Policy policy, Requester requester, Selections selections)
 
  TokenResponse tokenRequest(Policy policy, Requester requester, Selections selections)
 
   throws InvalidSelectionException, ProcessingErrorException
 
   throws InvalidSelectionException, ProcessingErrorException
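Review bot: the sentence added at the end of the new tokenRequest Javadoc tells the HBX client to send the security token to the ResponseURL in the TokenResponse, but it does not say how that URL relates to the Requester passed in. Suggest stating that the ResponseURL has to belong to the Requester the user approved in userInterfaceRequest, and that the client refuses to POST the token anywhere else. Separately, the tags now read `@param Policy`, `@param Requester` and `@param Selections`, which no longer match the parameter names `policy`, `requester` and `selections` in the signature.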
Line 67: Line 83:
 
   * @param page the browser's current URL
 
   * @param page the browser's current URL
 
   * @param username the user name
 
   * @param username the user name
  * @param form the HTML form name
 
 
   * @return a form filling script
 
   * @return a form filling script
 
   */
 
   */
  public String getFormFillingScript(String page, String username, String form)  
+
  public String getFormFillingScript(String page, String username)  
 
   throws java.rmi.RemoteException;
 
   throws java.rmi.RemoteException;
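Review bot: with `@param form` and the third argument removed from getFormFillingScript, the Javadoc no longer says which form on `page` the returned script fills. Suggest documenting how the script identifies its target form when a page carries more than one, and whether `page` is matched as a full URL or only by host.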
  
Line 89: Line 104:
 
  /**
 
  /**
 
   * Sets an HTML scraping script for the specified site
 
   * Sets an HTML scraping script for the specified site
   * @param host the site url
+
   * @param page the URL of page
 
   * @param script the script body
 
   * @param script the script body
 
   */  
 
   */  
  public String setHtmlScrapingScript(String host, String script) throws java.rmi.RemoteException;
+
  public String setHtmlScrapingScript(String page, String script) throws java.rmi.RemoteException;
  
 
===RSS+SSE Support===
 
===RSS+SSE Support===
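Review bot: after the rename from `host` to `page` in setHtmlScrapingScript, the summary line still reads "Sets an HTML scraping script for the specified site", so the comment and the parameter disagree on whether scripts are keyed per site or per page. Suggest updating the summary to match `@param page`, adding an `@return` tag for the String result, and documenting which caller is allowed to store a script, since the signature carries no caller identity.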
Line 101: Line 116:
  
 
* Create an RSS-SSE feed that publishes the minimal subset of attributes required/supported by the RP site from the appropriate I-Card. If available, subscribe to a reverse RSS-SSE feed and use the data to update the a site-specific Card I-Card.
 
* Create an RSS-SSE feed that publishes the minimal subset of attributes required/supported by the RP site from the appropriate I-Card. If available, subscribe to a reverse RSS-SSE feed and use the data to update the a site-specific Card I-Card.
 
===OpenID 2.0 Support===
 
* <to be written>
 
  
 
===Sign-on Confirmation Notify===
 
===Sign-on Confirmation Notify===
Line 116: Line 128:
 
  void connectionNotify(ContextRef cref, String cuid, boolean success)
 
  void connectionNotify(ContextRef cref, String cuid, boolean success)
  
* The Higgins browser extension invokes this method after it has attempted to use the username 'cuid' at the website 'cref' with the password (retrieved from the browser's password manager) along with a HTML scraping script retrieved from [[RP Protocol Support]] to sign in to this site.
+
* The Higgins browser extension invokes this method after it has attempted to use the username 'cuid' at the website 'cref' with the password (retrieved from the browser's password manager) along with a HTML scraping script retrieved from [[I-Card Service]] to sign in to this site.
 +
 
 +
===Sign-on Confirmation Verify===
 +
/**
 +
  * The RP site invokes this method to verify that user really has an account on the specified site.
 +
  * @param host The verified site url.
 +
  * @param username The username to login onto verified site.
 +
  * @return The result of verification process.
 +
  */
 +
public boolean connectionVerify(String host, String username)
 +
 
 +
===ICard Management===
 +
====createICard====
 +
Creates an ICard object with the given id, and property set.
 +
 
 +
    /**
 +
    * Web service operation creating a new card
 +
    * @param userId user name(id)
 +
    * @param password user password
 +
    * @param id i-card id
 +
    * @param properties i-card properties
 +
    */
 +
    public String createICard(String userId, String password, String id, String[] properties) throws RemoteException;
 +
 
 +
====acquireICard====
 +
In general, creating a connection to a RP site, gets RSS feed that is representing i-card, and creates appropriate card.
 +
 
 +
    /**
 +
    * Web service operation to acquire the i-card from RP site.
 +
    * @param userId user name(id)
 +
    * @param password user password
 +
    * @param subscribeURL URL of the site from where i-card will be acquired
 +
    */
 +
    public String acquireICard(String userId, String password, String subscribeURL) throws RemoteException;
 +
 
 +
 
 +
== See Also ==
 +
* [[I-Card Service Web App]]
  
==See Also==
+
[[Category:Higgins Components]]
* [http://eclipse.org/higgins Higgins Home]
+
* [[Architecture]]
+
* [[Components]]
+
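Review bot: the new connectionVerify(String host, String username) returns a boolean for any host and username pair and its signature carries no caller credentials, so as documented it tells whoever calls it whether a given username has an account on a site. Suggest documenting how the RP site authenticates to this method and limiting the answer to the calling site's own host. In the same hunk, createICard and acquireICard take `password` as a plain String argument of a web service operation; the Javadoc should state the transport protection required, and acquireICard should say which schemes and hosts are acceptable for `subscribeURL`.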

Latest revision as of 09:26, 12 July 2009


This component is part of the RPPS Package.

Service

UI Support

userInterfaceRequest

/**
 * This method takes as input a policy---for example, one that has been retrieved from the Relying 
 * Party Agent (called here the 'Requester')---as well as a description of the 
 * Requester. 
 * 
 * @param Policy
 * @param Requester
 * @returns UserInterfaceResponse
 *  
 * It returns a UserInterfaceResponse object which contains all of the
 * information necessary to construct a user interface for identity 
 * information selection and release. This object contains:
 * - Identity information of the requester (including name, address, CA) if available
 * - Privacy Policy Summary, i.e. a description of the Requester's privacy policy
 * - Information about the user's previously selected options for this policy
 * - Manual selection information (including per claim choices and recommendations 
 *   and images) necessary to display a set of card icons as well as their 
 *   contained claims
 * - warnings about this policy and/or this Requester, e.g. FirstVisitWarning, UntrustedSSLCertificateWarning
 * - and UIDs for each selectable entry (these are handles to the card icons 
 *   and/or individual claims used in 'tokenRequest')
 *
 * The UserInterfaceResponse object should contain all information necessary to display
 * both (a) a user interface which shares the same card metaphor, sequences of 
 * experiences and decision points (the ceremony) of CardSpace and (b) other 
 * interface paradigms to be developed in the future 
 */
UserInterfaceResponse userInterfaceRequest(Policy, Requester)
  throws InvalidPolicyFormatException, UnsupportProtocolException,
  UnsatisfiablePolicyException

Support for Token-based RP Interaction Patterns

tokenRequest

/**
 * Given the Relying Party Agent (aka 'Requester')'s policy, identity information
 * about the requester, and the set of one or more selections that the user 
 * has just made in the ISS Web UI (see userInterfaceRequest),
 * AND presuming that the protocol involved in interacting with the RPA
 * requires a security token, request the token that corresponds to the user's 
 * selection(s). 
 * @param Policy - the RP Agent's Relying Party Security Policy
 * @param Requester - the RP Agent's identity information
 * @param Selections - the user-selected subset of the UIDs (handles) 
 *   contained in the UserInterfaceResponse object returned from 
 *   an earlier invocation of 'userInterfaceRequest'
 * @returns a TokenResponse that contains a ResponseURL and a 
 *   Digital Identity token message
 * The ResponseURL indicates to the HBX client where the security token
 * should be sent (via, say, a POST method)
 */
TokenResponse tokenRequest(Policy policy, Requester requester, Selections selections)
  throws InvalidSelectionException, ProcessingErrorException
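
The selections passed to tokenRequest are described as a subset of the UIDs handed out by an earlier userInterfaceRequest. The following is an added example, not Higgins code, of one way a service could enforce that before issuing a token; the class `SelectionGuard`, its nested exception, the request key and the in-memory store are all hypothetical names chosen for illustration.

```java
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

// Added example, not Higgins code. SelectionGuard and its storage are hypothetical.
public class SelectionGuard {

    /** Thrown when a selection is empty or names a handle that was never issued. */
    public static class InvalidSelectionException extends Exception {
        public InvalidSelectionException(String msg) { super(msg); }
    }

    // requestKey (assumed here: policy id plus requester identity) -> UIDs issued for it
    private final Map<String, Set<String>> issued = new ConcurrentHashMap<>();

    /** Called while building a UserInterfaceResponse: mint an opaque handle for one card or claim. */
    public String issueUid(String requestKey) {
        String uid = UUID.randomUUID().toString();
        issued.computeIfAbsent(requestKey, k -> ConcurrentHashMap.newKeySet()).add(uid);
        return uid;
    }

    /** Called at the start of tokenRequest: selections must be a non-empty subset of the issued UIDs. */
    public void checkSelections(String requestKey, Set<String> selections)
            throws InvalidSelectionException {
        Set<String> known = issued.get(requestKey);
        if (known == null) {
            throw new InvalidSelectionException("no userInterfaceRequest seen for this policy/requester");
        }
        if (selections == null || selections.isEmpty()) {
            throw new InvalidSelectionException("no selection made");
        }
        for (String uid : selections) {
            if (uid == null || !known.contains(uid)) {
                throw new InvalidSelectionException("unknown handle: " + uid);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        SelectionGuard guard = new SelectionGuard();
        String key = "policy-1|rp.example";          // constructed sample key
        String card = guard.issueUid(key);
        guard.checkSelections(key, Set.of(card));    // accepted: handle was issued for this key
        try {
            guard.checkSelections(key, Set.of(card, "forged-uid"));
        } catch (InvalidSelectionException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because the handles are looked up per request key, a UID issued for one Requester's policy is rejected when replayed against another.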

Connection to Higgins Client

  • Create a new account on the Higgins service registered to the client (e.g. HBX)
  • Verification of HBX authentication
  • Returns the Terms of Service of the Higgins service (human readable text document)

HTML form filling

getFormFillingScript

If there is a form filling script for the web page currently open in the browser, retrieve data from the appropriate I-Card and pass this data along with the script to the client (e.g. HBX) so that the client can fill in forms on that page.

/**
 * Gets a form filling script for the specified site and user
 * @param page the browser's current URL
 * @param username the user name
 * @return a form filling script
 */
public String getFormFillingScript(String page, String username) 
  throws java.rmi.RemoteException;

HTML Scraping

getHtmlScrapingScript

If there is an HTML scraping script for the current page, return it to the client (e.g. to HBX) for interpretation/execution.

/**
 * Gets an HTML scraping script for the specified page
 * @param page the URL of page to scrape
 * @return an HTML scraping script
 */
public String getHtmlScrapingScript(String page) throws java.rmi.RemoteException;

setHtmlScrapingScript

One client (HBX) among the others (?it needs to specify which one?) captures or generates the HTML scraping script for the site and then saves it to the server for later use.

/**
 * Sets an HTML scraping script for the specified site
 * @param page the URL of page
 * @param script the script body
 */ 
public String setHtmlScrapingScript(String page, String script) throws java.rmi.RemoteException;

RSS+SSE Support

  • Acquire a card
// acquire the RSS feed from the RP site and then 
// create a new (site-specific) I-Card whose attributes are defined in the feed
acquireICard(String subscribeURL)
  • Create an RSS-SSE feed that publishes the minimal subset of attributes required/supported by the RP site from the appropriate I-Card. If available, subscribe to a reverse RSS-SSE feed and use the data to update the site-specific I-Card.

Sign-on Confirmation Notify

// Locate the URIICard-type I-Card whose URI matches 'cref'. If no such 
// card exists, create it. Find the Digital Subject whose unique identifier 
// is 'cuid'. On the uniqueIdentifier attribute value itself: 
// (1) if 'success' is true, add/update to "now" the
//   lastVerifiedFromSource metadata property's timestamp and
// (2) add/update the lastVerifiedAttempt metadata property's timestamp
//   to "now".
void connectionNotify(ContextRef cref, String cuid, boolean success)
  • The Higgins browser extension invokes this method after it has attempted to use the username 'cuid' at the website 'cref' with the password (retrieved from the browser's password manager) along with an HTML scraping script retrieved from I-Card Service to sign in to this site.

Sign-on Confirmation Verify

/**
 * The RP site invokes this method to verify that the user really has an account on the specified site.
 * @param host The URL of the site being verified.
 * @param username The username used to log in to the verified site.
 * @return The result of verification process.
 */
public boolean connectionVerify(String host, String username)

ICard Management

createICard

Creates an ICard object with the given id and property set.

   /**
    * Web service operation creating a new card
    * @param userId user name(id)
    * @param password user password
    * @param id i-card id
    * @param properties i-card properties
    */
   public String createICard(String userId, String password, String id, String[] properties) throws RemoteException;

acquireICard

In general, this creates a connection to an RP site, gets the RSS feed that represents the i-card, and creates the appropriate card.

   /**
    * Web service operation to acquire the i-card from RP site.
    * @param userId user name(id)
    * @param password user password
    * @param subscribeURL URL of the site from where i-card will be acquired
    */
   public String acquireICard(String userId, String password, String subscribeURL) throws RemoteException;


See Also
