Normally I do not blog about my employer but this time I would like to make an exception.
Deutsche Telekom launched its developer platform called "Developer Garden". This is great. Currently you can send SMS, start telephone calls and resolve IP addresses to locations. Nice. I wish I had time to start another opensource project for this that uses Information Cards and the IP Location service. Or my employer would give me the time to do this...
Two things come to mind.
- create an STS that issues IP location cards. When the user uses this card at a relying party the IP location STS resolves the IP Location and puts the location information into a SAML assertion. Easy.
- create a Firefox 3.x (x>0) location provider that uses the IP location service in the browser. I guess that raises some location provider and browser location GUI issues. Doable.
Although not everything must be done with an Information Card. Providing location information through a card is not widely accepted in the Internet user population ;-)
Anyway. I do believe that relying parties want location information and that Information Cards are a good way to provide claims about a user with the user's consent.
This again raises the issue that we need security tokens that hold claims values assured by multiple sources (IdPs). But maybe this does not really matter. The user does not know about all the underlying technology and he should not need to care about it. I am thinking about a UI where the cards (and the claims) are presented to the user, who then drags the cards or only some claims from several cards to the relying party. The selector then fetches the security tokens from the multiple IdPs and sends the multiple security tokens to the relying party.
How does the selector know about where to post what claims? Through XRD.
IdentityServer & Heidelberg on Channel9
2 days ago