Wednesday, September 24, 2008

Drag & Drop Login

On Monday I published a version of the openinfocard identity selector that allows drag & drop selection of information cards at a relyingparty.

While this is NON-standard I would like it if some relying parties would jump onto this train. And of course I hope that this or something like it will become Standard.

Some thoughts about this:
Why: It is cool. You want to drag a card onto the relyingparty.

What is the problem with the current standard? The object tag has no width and height. Although the object-element was originally intended by the W3C to handle media data like video, flash, pdf, etc this was/is not the way the object tag is intended to be used by ISIP and the ISIP Web Guide as defined by Microsoft. Here the object-element provides information about the required and optional claim, the token type etc but it does not occupy space on the web page. This means that there is nothing you can drop a card onto.

Solution: Introduce a parameter to the object-element that signifies the HTML element where a card can be dropped on. The identity selector then adds drag&drop handlers to this HTML-element and these handlers trigger the identity selector when a cardId is dropped on the HTML-element with the right icDropTargetId.
This is a 1-to-1 relationship between object-element and droptarget-element.
The drop target is inside a form that gets submitted when a cardId is dropped.

Technical detail: The thing that is dragged has the mime-type "application/x-informationcard-id". If you are a card selector outside of Firefox then all you need to do to participate in this is to create a drag-"thingy" with this mime-type. The openinfocard id selector will accept only things dropped onto the drop-target with this mime-type. Easy, isn't it?!

There is of course room for improvement. We could aggree on dragging a whole card of mime-type "application/x-informationcard" and compare the tokentype and supported claimtype before accepting the dragged card...

Compability with CardSpace: The icardie.dll does not care if there are extra parameters for the object-element. Your relyingparty works with CardSpace when this new parameters is present. There is just no drag&drop feature.


Paul Madsen said...

Hi Axel, do only 'valid' cards (ie those that can satisfy the RP's requested claims) appear in the sidebar?

maybe have your 'work' cards on the left and the 'play' cards on the right to avoid confusion :-)


Axel Nennker said...

The plan is to have the cards in the sidebar colorcoded like in the "normal" card selection window.
Green - card matches and was already used at RP
Yellow - card matches but was not used at RP
Red - card does not match RP's requirements for tokentype and/or claims
I can reuse some code that I already have in the selector for this. What is missing is code that notifies the sidebar window when the content of the main window changes.
Next I could refuse the dragged card when it is not matching. That needs to be implemented anyway because the card could come from another application e.g. Windows Explorer.