selector progress

I am making good progress with the selector that supports Information Cards and OpenID (Cards). Maybe it will support username/password too.

Please notice the purple-i in the urlbar left of the site identity icon. Clicking it starts the selector which lets you login using your e.g. OpenID (Card). It "works" with the xmldap.org test page and it nearly works with Andrew Anortt's http://test-id.org/XP/Selector.aspx page. Markus Sabadello's testpage https://openidpad.com/ needs a little more work. The next step is to remember the cards used and display that/them in the urlbar.

I would like to mention that "login" or "connect" (to a site) is not enough. I think that attributes or claims are more important than login.

Sometime not too far in the future we should agree on a standard for this. I prefer the XRDS way to conway the RP's requirements to the selector and we can inline it into the HTML code if a download of the XRDS is not desirable...

New Version of "Cardspace for Firefox" addon

Well, this took quite some time.

Several people reported that there were issues with the IdentitySelector from the Codeplex repository (sometimes called Cardspace for Firefox) on Windows Vista while Windows XP worked. But now, finally, I was able to build a new version on Windows 7 using the Mozilla build system as described here. I tested it with Firefox 3.5.5 and it seems to do what is expected. Although I did not test it on Vista. Please report issues by using the Codeplex issue tracker.

Following are some screen shots from my tests:





The Cardspace version used was 3.0.0.0 as it come with Windows 7.

There is still much work to do like bringing this addon's code to the same maturity of the openinfocard selector.
And keeping it there e.g. by improving the XRDS support.

Later support the OpenID Selector...
And integrate with the work at Mozilla Labs like the "AccountManager"...
Not to forget the design work in the Kantara Universal Login Experience working group...

Dancing Elfs

Send your own ElfYourself eCards

Trust in Crypto

Some people fear that an encrypted token send through an untrusted operating system is not safe. Well, decrypt this:

<enc:EncryptedData xmlns:enc="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element"><enc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" /><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><enc:EncryptedKey><enc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /></enc:EncryptionMethod><ds:KeyInfo><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">cInCP+uDfNbevxLZEMnZG3ozidc=</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo><enc:CipherData><enc:CipherValue>wu7z3ml5LPdisc1F/o2gWP/I/8lgQNnj5PYoRw/CNe6f1kFtvE7Q4zZiNCrqsAJiY115ztR063siJLFiSsyGi9jRTrRuTD3ZZGrlQHedWFbG519UXk14cT6fqqQ3O8b6jXqhVDWpeRn08vKv+K6FS4wI2wKZNH3BUw169VSjz0otC8HSUz5FG8POGhVL0/kkzYmgfhq75jt84iKt2dLVNQEDHvSYraAUOc4GCuMzd0l2TgSqVQ1dJYC9NC9iTyUv0l6GPV8XApdbK/7oKW4e4aNvhhkoyLDP/U6RxLiH/QPD7EEP0vM58LETTWD+R3tViD/A5UMVlVVzF6MMsdRI0Q==</enc:CipherValue></enc:CipherData></enc:EncryptedKey></ds:KeyInfo><enc:CipherData><enc:CipherValue>n4vumLMhKFzn29uSCktg1jEnzBf9yJcgt+OvYa7r3Vi7eLLyL9uGHy3NDIsaAr0qYF/+AyjwIE8aCk0/qMjFiY+O3j/oQLulbU+RHooQm95cesySRs2PlZ6G5nI1lnMDb9SsSFMhSjl2ZTBV6YWJ69kphS8IbQFjuNcnZBW4ARI0A5WGhj36F2zGXAGnJ7BNvVLJLv8zMT3hsmcJ0ZHA2ggN5RJnPEKT56OJkcgNN0mjhhldt35As2qK7NDumv25WB+3BX1DSCFBGkHCiK5pGjKAXu3tudXFt0+ryvDojdVpmbOwypRXjzgqCBZ8gOLMGoyYFVgXINUY59+mqbhv/mIBaOqbmuVV26tCWPWFkvbzMz1jD3fEcws7nKoc69Ceavl1BKWb5Zq+YYr3voHr7g2ZRvBd6me2YTRx6BNIgj8dbplzlD3Bp4HO13tK0rZXpJH1Z2OXfpUd3ZE0T879WJjDA1qcgUswH8F0ER+UG09P2Z2PgK2McFz4ntwTJOSohhipMU0WFRHQr3s+bLr3c78NFZl8FGGZ9rRm/AMhsHPqKuK/WAqmvtMoYdXPTWw5cP5CysgVIdWO+VymKZ4W7LbtZrZRk9hCya6ANmpkckEBSo03p/psqE5X97A43V6XExjP4cQNdwPZw1b8c4UDJzvFFFL69P3HispobxvdlLqI2nxu2tp9M9eyYQDHtqjSdutYjkyolXkrEKoRGAPOoUsUlxnctHd6RmbA825YNywNMG9sXqxIM8ua1BQoEWfRQauFUYxyGQYywqT0MsbVu1N2HSQsc8Dern6kOl0OLd/Z4n1XZI3bMWMCtNe4DrK2OOeG1RY8DPOn8dW+AL/+T2iqVv2d3dNkRXTvkaEl9UXecBe/G6oqtkjjTdSdZ/20ifi9LFejagAtdIQ+crfH12JKyGs5tPVgDtZfJPoAryHAeyqI+0kUsTTVgsJtE1OU/FAXI2naEVCDH26vZOt9QzaXkTgmRAL8X65BaXczJ365QWi/oURNq/q4zSpo/fkRrspIfh9mefhbyssNsGYWHtQO0GOeNzrCfpdRll5f2w8DdEkH3+u0V4c4otf0pMYkhyw007ig1Y7xgY+e1xFP7/fJ0QMa04XDe+NWdgDhT0NJe23ehPgOPFC0Qa4gC5an9V//u1/svnzjrNyKhjfUVQ7ai+xAi7Pla7Irmpr35vX+FjkPzmFyNnfNqRt3+o9rzLHRS4QYTMK00FccP7cirekRK45ni2yLa1wgHBn674owJTje/ugOYsXCdkZEOUbs6LgOMPjUlxUwQpeLj4uw1ycMRNZGNo7zBDHSMZ18ZRxAuP0J2V1s9KiQBLBsodtZ7fyqVYjKQVSeYj7mDlPM6r/4tC+R8k8pEQpnjvQFqhm/MHfZzoaYfO9523J5s5FXMOhO94XK/VdRayvOHNxaK1NV6k2tEpaPXPa4cSorRXBn81yKItis+u1NbE4SBb5CkuTTQnPNJec2/BQQspwWKfbMAs/sptJel4OaZ6x5svyHgijnYTV373V1EcIPDDNzDH/iJGJv/3hhZs0QNP4hO1zU+8RFphDMclM1YtYzruoROL8JW0jMwDC/UyfhKlWLIUSOS8PFE22UCuXpsnbY5ty/Q8CSaIvhNrOodAC8gRKoLGdyEqFt+tk4Fjbty7biuOBgONF8Uh8XeT9jKlRI3FUc4kpC3Pafeg7Os3LuXcxu8CggrRH73Lh4MJQ1Y7IIRsxDPNuJTBzEvsQJdNzPy/t+LA8cNV9OPat5+LXFhd1TH6zwqYC7i3hSCq9NT9spp15cZ0KZJt7FFd8uYwE9AHmy6Jb8NdbAXruwnGIETiiOYvlehGkMcND0aiwx7KIycYwz9quyOh9vYdc0IGvKaBLfbv7TYC89xSuOBqLiiuW4BOLMXxvrdutRPVy5HqLHlfOzaiq+TbljC+dqjJUw3NpViS5pmiP2culW4ZphNROb1Rp+oJLu1E2F6eGUNGBTSlohK6RD7ZaKVvLxU/PH0WNwXqmUY6215MRjH0+yEeKPNR/iq/KOmI9xwN0GB7Qpao1yS71tLnM/Rg6hjOI9X6ynDsTPRiUK+doeDznOfcysObf8Zpjjlp1eRHYCnp9WJNM3IGg/hd53APMUP+qy3wAmsKmLJ88W0qxUefslynIEKZeriARXpjQj46yDGIXYpe9XNBJAVc88+WCA4mIKlolsbtHZwbMccsfVQKiqLqV21Um50IITpLpPY5v1yRwNMf9A9/n72qrolDm8h38xDWPwyrojWs06bz4XMIQF7/lSR2aRE9L78Lp1i5UafNYe3EgnAReZsYWvCAr8Xm7IXyQmgEXh9en28b1t1ZsKNCyvQRRD5IqzSqBswtITRmbjoBfw2EnYcIp0E8vKGAG5zyxphhXCwfjEoRxKuZ7hDPcfGQb++KbPgIl3Ub6sJTX0QoVjBCAYnXvpKaKOQ9zOYN4MVp+lKMcFw0w4j/8IDC8D8O9ZAQhn2Bj6CPjAtEN6mwv4DqQwndNxx3glkOFVvkLBHkRfTvcQRmBcNjeP4RpQyCqMMgIcIRuQFYfQUXy0QxVVbegZHzeYYhe6A5yp3Oz3M87Nn3j5V5puu3kMUtLKIYl0KjKbrBLX8sqtx/BDhd+BuWiFsedmL0kAmRxuh96SoR1E6EzIrIm8s9xLvGRH45oBs5QA9KoSvm/gE2mcYVoe7baZocsrlkWs+xoZDwDAbmPZi16jbnwXxEWfwTBvKQ8vQisIN24O+gJXi7r0dzoRTqIY104yPJmPdIGh0rdGU4AUxtJNhpLujSpteU82M7kAlVhP4IK0UHIfciJ13C4OX0IH8y8shcu4QvZK4Nw98uIBjY3ybjMB9bqZAO2pZM1lk9sdn590L7iA/vjjJ24wAl2Yz2MhgtUKzTfTRzhnje+E10JHKYph/Z+DWO8Ku4vWEgak6m9flfXwrFPkSENTTNHXVKTnvFrdvJtfYAcympLg/tJXmQlrT+kQl2o/jbIcePi6HbtR+YtYWpckkfvU/cvcqWMuiJNHi3ST8vvVoGrypq7aY6MnJPqNTVD1yc3q2ZQxfreevKRktHm8gwGIjyuL7mUOkF4r0dQgWmcpQhS2Ozil5NkVtLdxJmcWeFxv3GZ4Tta2NXIEQexdgjUnAGRQH/CAF/Xi/9fjoM4puZTdlxdx4QRps1Y4DBQ6oCnI67sUdQGtcx7LwCVrLFJc0gKtnVtmEVvYDKPv1E4eIvyPz/6+fjHcYePYmKxPa6dV50g9E6K0832osbdV9klbDsx9AE0B2qkI0akEBuP978Wl5tIUDqC0kMNMp1wt2WTLx7KOrwLQVVUyFx167BGaduxIm/QAj5Jht6tVaAuCrhU3u6qzxZ7GQHtPe9pJCAtEOGNx68TGgaQynIdA0dS2G85XtYAHXI+Yt1D6eoQbQ04sMGiKfdm2E5QRy7lS/lNSQaf3+kNCiTEHmHeaTy4zCpMWvDDaAqtQbM5JNMxa4mkr0mmxOoykIS8CuSkat8+QIzROFEsIc+66qQC4yAJ0bKssZ0tyQ3BQC3D3hAGZoUsg8pUTNcR/i/hT0x5AMCgaU9EMkFFOhFQoVdcUti3tpUSLtpjVheuG5pAHIlGasfnh4iYexWQeF4DDoJRCFUVprFY7VJy4AAvT8qM+3XnraTKbLDncKEx14TDELnXdNgRDYkqt/XKgZ/Y2hNM0zonZHsp/lz8+ISfKJR5LRTjX2Xg+2loHKBIm6ysJ2ukEodwafMhJxPD7KSjJi/qW06WzCG3K1o4D/Q4B6ABjbGY7HXvn+yhz9EdWWECHfN+i2x/Jdh15wRsuS0hRGD0RL7O//mjHtGzJN0w1KqLYJvglUlEVVUtXqKwk/L0NLMW3T8n84kA/LEXL9a1NgQDlpBoP3ZOXqpzFa1rzfZfBkniIgQJT+JaciDpgo0oeo1F4uGRlQ5h5kIL6dXiOchkHEBv7uo0+N4OhRcK6mjHUgzorSwmkocYktW2Szu8gdr8ts6QbtkCM++uNz+v8AP5vO+gUh5b+9I7NWbkWdrqoWAOCw+miT7dPG5jMJ76HYCBFbWJt2iV96cpwiIR4VXH3kMHQBl0E66s75GFmaGUnx51JNXUGavmQASR3vsvrrC8kATb+P/mmTprvikGM7IPgWG1zHTcqLuoHDylVmfGHg0ys9LpqwuUBu7FvFuuftVwl/24RGJrxup3bGjOb3hJ12HSVMJ3NMZxVBIG4FVz7Voi9B8cCi9wPfaacZvc0Vk2itFOJS77nNrKs5XizH80JfWxu1Y/BYYNsMMys42rPpf0Mba/DHUfROLzlH5dg2lKQuuR1aJHLKWZHoQQPKEPu9D/pZKY7Y4T5ImdElXLG</enc:CipherValue></enc:CipherData></enc:EncryptedData>

If you succeed I'll fetch you a beer at IIW2009b.

Information Card Handouts from DIDW 2009

These two are the front and back side of the handout the Information Card Foundation provided at DIDW2009.



Visit Open Identity Solutions for Open Government to learn more how Information Cards are used in Open Identity and join the discussion at the Internet Identity Workshop. Register here!

New Version Openinfocard

I just uploaded a new version of the openinfocard selector to Google code here.

I changed code that limited self-issued cards to the "well-known" claims. Now I only need to add UI-code to enable the user to specify arbitrary URLs as claim-uris.
This change forced me to change the internal cardstore format for self-issued cards. The related XML now is more similar to the RoamingStore-format for Information Cards. This is good, but existing cards stop to work. Users of the new version have to delete and recreate their self-issued cards. Sorry, although I promise that this will be not the last time ;-) for this kind of changes. I want the internal cardstore format to be exactly like the RoamingStore format (plus legal openinfocard enhancements).

Other changes: - A small change that improves statusbar Information Card icon clicks when an object tag is in the page but no XRDS. This need more work.
- The sidebar code is leaner. This needs more work too, so that only matching cards are displayed and the sidebar window gets updated when the main window changes.
- The preferences javascript code is now in a separate file. I moved it from the XUL page. This seems to make the XBL that implements the preferences page happier.

I am glad that I found some hours to work on my hobby.

Happy Birthday Kim! Elusive Privacy Reloaded

That elusive privacy