Skip to main content
Jump to: navigation, search


Revision as of 09:44, 14 December 2006 by (Talk | contribs) (HTML form filling)


Provides support for Higgins clients, including the Higgins Browser Extension.

More Proposed Methods for the RP Protocol Support

In this section, we present two additional interfaces for this component.

 UserInterfaceResponse UserInterfaceRequest(Policy, Requester)
   This method takes as input a Policy and Requester information.
   This method returns a UserInterfaceResponse object which contains the following
   # ID information of the requester (including name,address, CA), 
   # Privacy Policy Summary, 
   # Previous Session Selection information, 
   # Manual Selection information (including per claim choices and recommendations and images),  
   # warnings, 
   # and UIDs for each selectable entry
 throws InvalidPolicyFormatException, UnsupportProtocolException, UnsatisfiablePolicyException
 warnings FirstVisitWarning, UntrustedSSLCertificateWarning
 TokenResponse TokenRequest(Policy, Requester, Selections)
   The Selections contain the UIDs of the choices made by the user
   TokenResponse contains a ResponseURL and a SecurityToken message
 throws InvalidSelectionException, ProcessingErrorException

Token-based Authentication

  • Get a Digital Identity
// Get a DigitalIdentity that will satisfy the RP agent's policy
// Return a DigitalIdentity token
DigitalIdentity getDigitalIdentity(RPSPolicy policy)

Example use: When the user's browser with the Higgins extension lands on a site that requires a Digital Identity for authentication, HBX sends a 'getDigitalIdentity' request to RP Protocol Support passing the Relying Party Security Policy along as a parameter.

Implementation: RP Protocol Support simply returns the result from the I-Card Selector Service's 'getDigitalIdentity(RPSPolicy policy)' method.

Connection to Higgins Client

  • Create a new account on the Higgins service registered to the client (e.g. HBX)
  • Verification of HBX authentication
  • Returns the Terms of Service of the Higgins service (human readable text document)

HTML form filling

  • If there is a form filling script for the current page&site, retreive data from the appropriate I-Card, and pass this data along with the script the client (e.g. HBX) so that the client can fill in forms on that page
    * Gets a form filling script for the specified site&user
    * @param host the site url where user lands on
    * @param username the user name
    * @param form the HTML form name
    * @return a form filling script
   public java.lang.String getFormFillingScript(String host, String username, String form) throws java.rmi.RemoteException;

HTML scraping

  • If there is an HTML scraping script for the current page&site, pass it to client (e.g. HBX) and retreive from client attribute data that RP Protocol Support can store in a site-specific IdASCard I-Card

RSS+SSE Support

  • Acquire a card
// acquire the RSS feed from the RP site and then 
// create a new (site-specific) I-Card whose attributes are defined in the feed
acquireICard(String subscribeURL)
  • Create an RSS-SSE feed that publishes the minimal subset of attributes required/supported by the RP site from the appropriate I-Card. If available, subscribe to a reverse RSS-SSE feed and use the data to update the a site-specific Card I-Card.

OpenID 2.0 Support

  • <to be written>

Sign-on Confirmation Notify

// Locate the URIICard-type I-Card whose URI matches 'cref'. If no such 
// card exists, create it. Find the Digital Subject whose unique identifier 
// is 'cuid'. On the uniqueIdentifier attribute value itself: 
// (1) if 'success' is true, add/update to "now" the
//   the lastVerifiedFromSource metadata property's timestamp and
// (2) add/update the lastVerifiedAttempt metadata property's timestamp
//   to "now".
void connectionNotify(ContextRef cref, String cuid, boolean success)
  • The Higgins browser extension invokes this method after it has attempted to use the username 'cuid' at the website 'cref' with the password (retrieved from the browser's password manager) along with a HTML scraping script retrieved from RP Protocol Support to sign in to this site.

See Also

Back to the top