Difference between revisions of "Solutions/RCP Selector Solution"

Revision as of 01:42, 29 January 2008

Introduction

This solution provides a Eclipse RCP based program which can be installed into end-user desktop machines. This program consists of the complete Higgins infrastructure stuffs (refer to the architecture section), as well as a SWT/JFace based I-Card selector, in order to give end-user a more secure way to manage i-cards, and a rich and friendly user experience of i-card selection.

The solution program runs on end-user desktop machine as a daemon process, and provides browser integration function (see the following sections) by default. On Windows platform, the intgration code will give end-user a chance to select Microsoft CardSpace or Higgins as their default i-card management and selection program. The solution program also provide integration interface to other applications (e.g. Java application) through different ways.

How it works:

1. When the program first run, it launches a card manager UI, where the user can manage the I-Cards s/he has. The user can minimize the program as a system tray, and start it at any time s/he wants. The program also opens a socket to listen to the HBX requests.
2. When user submit a info-card form in IE, the HBX intercept the action, collect the policy string, and send the string to the RCP program through the socket.
3. The RCP program then launch the RCP based I-Card selector UI, and user can use and send card in this UI. Here User can not shift to other applications, as the I-Card selector UI will cover the desktop with a half-transparent mask, and only the I-Card selector workbench is active.
4. Once the RCP program receives the security token from STS, it send the token to HBX through the socket connection.
5. HBX then send out the security token to the RP site.

Note: The HBX component referred to above is the Higgins Browser Extension for IE7 not Higgins Browser Extension for Firefox.

End-User Perspective

Functionality

This program contains two parts of function: i-card management, and i-card selection.

Based on the secure storage component, this program provides a rich user interface to manage the i-cards. I-cards are stored in a card store file, (with ext .crds), which is encrypted and protected by password. When you first startup the program, you are required to select an existing card store file, and enter it's password. You can also create new card store file.

After you entered the correct password of a card store file, the i-card manager UI startup, and here you can view all of the cards inside the current store file. You can create a new personal i-card, import a managed i-card, backup the selected i-cards, restore i-cards from a card store file, or delete i-cards. The program provides user friendly GUI for you to do so.

The main GUI figure for the card manager functionality, (the GUI may be modified in later development).

The card selector UI is invoked by the Web browser (currently we only support IE), where all of the i-cards that are filtered by the relying party policy are presented, and the relying party site's information is also listed here. The end-user can select one card according to the information, and then input the identity provider credential, if necessary. Finially the selector fetches the security token from the identity provider, and posts to the relying party.

Setup

This solution is a desktop program, so it will provide a installer program in the future. For Windows system, the installer program do the following things:

1. Put the IE or Firefox plugins into the specific folder, register the DLL file, and then modify the Windows system registry for the IE plugin.
2. Put the Eclipse RCP application into the specific folder.
3. Created the RCP startup properties file

Deployer Perspective

Deploying

The section describes the deployment status (without the installer program).

1. Get the following binary packages:
   1. The Eclipse RCP program binary package. Refer to the "Building" section for how to create this package by source code.
   2. The Higgins browser extension for IE. This is a dll file, also refer to the "Building" section for how to create this dll file for Windows.
2. Deploy the default card store file.
   1. If you have a *.crds file, you need to rename it as "cardstore.crds" and put it into [User Home]\.higgins\.icard\.
      • For Windows XP system, the [User Home] should be C:\Document and Settings\[User account].
3. Deploy the Higgins browser extension for IE.
   1. Open a command-line window.
   2. Execute regsvr32 hbxie.dll, you will see a message box pop-up reporting the dll has been regstered successfully.
   3. Open Windows register editor, find this item:
      • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-informationCard
   4. Change the "CLS_ID" to the following value:
      • {EF0EA349-971F-4C32-939D-1F9CBBC2A596}
4. Copy a "startup.jar" into the "eclipse" folder of your Eclipse RCP package, and start the RCP program by the following command line:
   • java -cp startup.jar org.eclipse.core.launcher.Main -application org.eclipse.higgins.crpps.application -debug -console -consolelog

Configuration

1. The identity provider configuration folder locates inside the project
   • org.eclipse.higgins.crpps/Configuration
2. You can also manage the default card store location by menu item.
   • [Window]-[Preferences]

Developer Perspective

Architecture

Building

You can check out the following project from Eclipse SVN: org.eclipse.higgins.crpps.feature

Open the "higgins.product", in the product editor, click the "product export wizard", and then Eclipse will automatically build all of the project for you, and export a complete Eclipse RCP program.

To enable this, you also need to check out the following Higgins projects from SVN:

1. Application Layer
   1. org.eclipse.higgins.crpps
   2. org.eclipse.higgins.rpps
2. Configuration
   1. org.eclipse.higgins.configuration.api
   2. org.eclipse.higgins.configuration.common
   3. org.eclipse.higgins.configuration.xml
   4. org.eclipse.higgins.configuration.xrds
3. ICard and selector service
   1. org.eclipse.higgins.iss
   2. org.eclipse.higgins.iss.cardspace
   3. org.eclipse.higgins.icard
   4. org.eclipse.higgins.icard.common
   5. org.eclipse.higgins.icard.registry
   6. org.eclipse.higgins.icard.provider.cardspace.common
   7. org.eclipse.higgins.icard.provider.cardspace.managed
   8. org.eclipse.higgins.icard.provider.cardspace.managed.xml
   9. org.eclipse.higgins.icard.provider.securestorage
4. IdAS
   1. org.eclipse.higgins.idas.api
   2. org.eclipse.higgins.idas.spi
   3. org.eclipse.higgins.idas.common
   4. org.eclipse.higgins.idas.registry
5. STS
   1. org.eclipse.higgins.sts.api
   2. org.eclipse.higgins.sts.spi
   3. org.eclipse.higgins.sts.xmlsecurity.apache
   4. org.eclipse.higgins.sts.base64.apache
   5. org.eclipse.higgins.sts.binding.axis1x.client
   6. org.eclipse.higgins.sts.binding.axis1x.common
   7. org.eclipse.higgins.sts.client
   8. org.eclipse.higgins.sts.common
   9. org.eclipse.higgins.sts.server.mapper.appliesto
   10. org.eclipse.higgins.sts.server.mapper.extension
   11. org.eclipse.higgins.sts.server.mapper.polling
   12. org.eclipse.higgins.sts.server.metadata
   13. org.eclipse.higgins.sts.server.token.alf
   14. org.eclipse.higgins.sts.server.token.compound
   15. org.eclipse.higgins.sts.server.token.encrypt
   16. org.eclipse.higgins.sts.server.token.handler
   17. org.eclipse.higgins.sts.server.token.identity
   18. org.eclipse.higgins.sts.server.token.saml
   19. org.eclipse.higgins.sts.server.token.self
   20. org.eclipse.higgins.sts.server.token.trust
6. Misc and Utils
   1. org.eclipse.higgins.dependencies.redistributable
   2. org.eclipse.higgins.message
   3. org.eclipse.higgins.registry
   4. org.eclipse.higgins.rsse
   5. org.eclipse.higgins.util.jscript

See Also

• Solutions

Links

• Higgins Home