Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "Solutions/RCP Selector Solution"
(→Functionality) |
(→Functionality) |
||
| Line 25: | Line 25: | ||
''The main GUI figure for the card manager functionality, (the GUI may be modified in later development).'' | ''The main GUI figure for the card manager functionality, (the GUI may be modified in later development).'' | ||
| + | |||
| + | The card selector UI is invoked by the Web browser (currently we only support IE), where all of the i-cards that are filtered by the relying party policy are presented, and the relying party site's information is also listed here. The end-user can select one card according to the information, and then input the identity provider credential, if necessary. Finially the selector fetches the security token from the identity provider, and posts to the relying party. | ||
===Setup=== | ===Setup=== | ||
Revision as of 11:51, 28 January 2008
Contents
Introduction
This solution provides a Eclipse RCP based program which can be installed into end-user desktop machines. This program consists of the complete Higgins infrastructure stuffs (refer to the architecture section), as well as a SWT/JFace based I-Card selector, in order to give end-user a more secure way to manage i-cards, and a rich and friendly user experience of i-card selection.
The solution program runs on end-user desktop machine as a daemon process, and provides browser integration function (see the following sections) by default. On Windows platform, the intgration code will give end-user a chance to select Microsoft CardSpace or Higgins as their default i-card management and selection program. The solution program also provide integration interface to other applications (e.g. Java application) through different ways.
How it works:
- When the program first run, it launches a card manager UI, where the user can manage the I-Cards s/he has. The user can minimize the program as a system tray, and start it at any time s/he wants. The program also opens a socket to listen to the HBX requests.
- When user submit a info-card form in IE, the HBX intercept the action, collect the policy string, and send the string to the RCP program through the socket.
- The RCP program then launch the RCP based I-Card selector UI, and user can use and send card in this UI. Here User can not shift to other applications, as the I-Card selector UI will cover the desktop with a half-transparent mask, and only the I-Card selector workbench is active.
- Once the RCP program receives the security token from STS, it send the token to HBX through the socket connection.
- HBX then send out the security token to the RP site.
Note: The HBX component referred to above is the Higgins Browser Extension for IE7 not Higgins Browser Extension for Firefox.
End-User Perspective
Functionality
This program contains two parts of function: i-card management, and i-card selection.
Based on the secure storage component, this program provides a rich user interface to manage the i-cards. I-cards are stored in a card store file, (with ext .crds), which is encrypted and protected by password. When you first startup the program, you are required to select an existing card store file, and enter it's password. You can also create new card store file.
After you entered the correct password of a card store file, the i-card manager UI startup, and here you can view all of the cards inside the current store file. You can create a new personal i-card, import a managed i-card, backup the selected i-cards, restore i-cards from a card store file, or delete i-cards. The program provides user friendly GUI for you to do so.
The main GUI figure for the card manager functionality, (the GUI may be modified in later development).
The card selector UI is invoked by the Web browser (currently we only support IE), where all of the i-cards that are filtered by the relying party policy are presented, and the relying party site's information is also listed here. The end-user can select one card according to the information, and then input the identity provider credential, if necessary. Finially the selector fetches the security token from the identity provider, and posts to the relying party.
Setup
<how do you install it?>
Deployer Perspective
<This section exists only if the solution can be deployed independently, e.g. STS. In the event that the solution consists of executables that run in more than one process, then these "sub-systems" should link to separate pages that adhere to the following structure (for example, see here>
<links to one or more pages to describe...>
<..prerequisites>
Download
<..how to obtain the .WAR, .jar, etc.>
Deploying
<..how to deploy a complete working solution>
Configuration
<..configuration files, options, etc.>
Developer Perspective
<links to one or more pages to describe...>
Architecture
<..[flow diagrams]>
<..list of components used>
Building
<..how to get the source>
<..how to build executables (jars, wars, exes, etc)>