Wednesday, October 31, 2007

Codeplex IdentitySelector 1.0.2

I just uploaded a new version 1.0.2 of the identity selector selector Firefox extension.

Firefox


You can find the XPI and the source code zip-archive on the Codeplex IdentitySelector release page. Please click the "IdentitySelector-1.0.2.xpi" link to install this extension into Firefox.

So, what's new?
  • issuerPolicy is now supported
  • no-SSL should now be supported. Not tested. You need .NET 3.5 (CardSpace 1.x) to test this.
  • report errors to javascript console
  • tokenType may be null
  • requiredClaims may be null
  • javascript errors in InformationCard.xml are fixed


Here are two pictures showing Microsoft's ageSTS before and after login using this new version of the Firefox extension with CardSpace 1.0 as the identity selector:




This needs more tests and sometimes shows the dreaded "Additional plugins are required to display all the media on this page" status bar.



Please try it and report issues to me.

Tuesday, October 30, 2007

openinfocard no-SSL


I just uploaded a new version with initial no-SSL support to the openinfocard download area.

The relyingparty at xmldap.org is not yet updated but this will happen soon.

Monday, October 29, 2007

ID Selector Beta Version Regression

How and when to trigger the id selector is --- complicated ---.
Two beta versions back I introduced primilary code to handle javacript triggering better. Well, since then the openinfocard id selector started to dislike our own xmldap.org relyingparty, which uses the plain old style recommended in "A Guide to Supporting Information Cards within Web Applications and Browsers as of the Information Card Profile V1.0". Thanks Pamela for notifying me.
After two nights of fruitless tries to fix this I decided today to go back two steps.
I made a backup of my current local code repository and retrieved a fresh copy from the public google code repository to build a "working" version again.
You can download it (xmldap-0.9.8.200710291053.xpi) here.

As I am considering myself as an eternal optimist... here a small outlook which features might make it into the next (sans-micro-)version.
- no-SSL support
- better javascript id selector triggering

Friday, October 26, 2007

information card web integration complexity

During the interop id selectors were, among many others, tested against this relying party: MS no-SSL RP.

As you can see in the results table every other than the CardSpace selectors failed. At first glance this is no wonder because the no-SSL feature was just resently introduced.
BUT there are other reasons why this failures occur. One thing that really annoys me: Somebody found it cool to put the object element of type application/x-informationcard into the head part of the html document!
Well this may be perfectly legal, but why don't "they" adhere there own "A Guide to Supporting Information Cards within Web Applications and Browsers as of the Information Card Profile V1.0"?
Keep it simple! What is the reason to do this? Please enlighten me!

We all want information cards to be a success but doing all kind of possible tricks does not help. Giving guidelines to relying parties is good, but maybe this should not be just guidelines but a "standard"?!

Thursday, October 25, 2007

Interop I2

There has been some blogging about the interop event at Burton Group's Catalyst Conference EU07 already.


It has been a lot of work to test all this. For me I tested the openinfocard id selector against all IdPs and all RPs. Next the result tables for the xmldap IdP and the xmldap RP waited to be filled. Some server's even needed to be tested several times because issues were found. Specials thanks from me to Microsoft's Age STS team. It took us some time to notice that they use the 'issuerPolicy' parameter which caused the trouble.
My opinion is: don't use issuerPolicy except you have good reason. And don't use symmetric binding except you have good reason. I would prefer it if we would concentrate on the "standard" use cases for now.

Another point: One thing I missed during the interop. We forgot to create tables for the handling of privacy statements. I put this feature into the openinfocard id selector just recently...


This leaves us some work for the next interop. If you think that this an id selector feature and not an interop issue, then try to view the privacy statement from xmldap's relyingparty using CardSpace.

A final word: Alles wird gut.

Tuesday, October 23, 2007

Card Import Issue

I just uploaded a new version of the openinfocard id selector to
http://code.google.com/p/openinfocard/downloads/list

The XML library of Firefox's javascript seems to dislike xml processing instructions.
Now I remove them before importing the card...

They did it again ;-)

The interop event at Burton Group's Catalyst Conference Europe 07 in Barcelona just started and guess who has no nice poster provided by Burton Group? All the other participants have one, but xmldap's / openinfocard's is missing again.

They did this to us in the first interop too.

Update: Somebody brought the xmldap sign later. Thanks.

Here is a picture (courtesy of Charles Andres) showing me and Steffen Konegen from the jinformationcard team. (Still without the sign)

Thursday, October 18, 2007

xmldap.org update

Today I updated the relyingparty and the sts at xmldap.org.



This was long overdue and I am happy that I could improve the deployment process to make this possible. The WAR files are now self-contained. The only file accessed outside the applications is the J2EE container's keystore.
There is not much to see on the surface though, but now it is easier for me to demonstrate new features and improvements on this internet accessible site.

Please test it and send bug reports, feature request...

Tuesday, October 16, 2007

Codeplex IdentitySelector

I am proud to present a new version 1.0.1 of Kevin Miller's Firefox extension.

Firefox


You can find the XPI and the source code zip-archive on the Codeplex IdentitySelector release page. Please click the "IdentitySelector-1.0.1.xpi" link to install this extension into Firefox.

So, what's new?
  • privacyUrl and privacyVersion are now supported
  • the preferences page now allows to choose between CardSpace and the openinfocard id selector
  • the preferences button in the Add-ons window is disabled. Please use Tools->Options instead.
  • the target platform for this extension is restricted to WINNT_x86-msvc
  • the updateUrl is disabled for now
  • javascript errors in InformationCard.xml are fixed


Here are two pictures showing the preferences pages of the IdentitySelector extension and the openinfocard extension. Chuck's code to choose between CardSpace and openinfocard was moved from the openinfocard extension to the IdentitySelector extension:




If you use the openinfocard Firefox extension too, then please update to the latest version.

Please try it and report issues to me. I am now a coordinator for this project too.

Saturday, October 13, 2007

Internet Identity Workshop (IIW 2007b)

Internet Identity Workshop (IIW 2007b)
The registration is now open for the Internet Identity Workshop (IIW 2007b).

Dec 3-5, 2007
Computer History Museum
Mountain View, CA

Wednesday, October 10, 2007

openinfocard 0.9.8 release candidate

I just uploaded a new version of the openinfocard id selector to http://code.google.com/p/openinfocard/downloads/list.

It has

  • color coded card background
    • green - card has been sent to this site
    • yellow - card token type matches, but has not been sent
    • red - token type does not match
  • shows the privacy statement, if available
  • has checkboxes to choose optional claims
  • shows a warning on first time visits to a site
.




This should resolve some points from the interop feature list...

Having this done I hope that I can implement more interessting features...

Please try it out!

;rm -rf /usr/local/blogs/


Hope this post's title does no harm...
http://xkcd.com/327/

Monday, October 01, 2007

Firefox extension dependency

Some have noticed it: The openinfocard id selector currently seems to need Kevin Miller's id selector selector extension on some operating systems.

With Rob Richards help I was able to fix this. The openinfocard id selector now does not depend on Kevin Miller's extension anymore. This is important for "alternative operating systems".
The dependency wasn't really well documented. Sorry for that.

PHP Guru Rob Richards noticed a bug related to this. The chain of certs and the chainLength of the relying party were only intialized in the perpetual-motion glue and not in the openinfocard id selector's own object handling routine.

I fixed this in the latest 0.9.8 release candidate that can be downloaded here:
http://code.google.com/p/openinfocard/downloads/list

I am not sure whether we should stick to this dependency or revert to a self contained extension. Our own object handling was a little neglected in the last months; but it should be easy to spruce it up.

----------------------------------------------------

Rob Richards has an IdP and RP demo site too (no frills). I tried the openinfocard id selector there and it worked fine. You need to get a managed card here:
https://www.ctindustries.net/icard/index.php
That is because Rob's site uses it's own tokentype: http://cdatazone.org/preferences
Then navigate to his relying party to use that card.
https://www.cdatazone.org/demostore/index.php



The following image shows the lastest id selector in action at this RP.

Cards are now shown with background colors depending on their matching at the current RP. Red background denotes a not matching card. You might also notice the new checkbox in front of the claim(s). "checked and disabled" is a required claim. "unchecked and disabled" is an unwanted claim. "unchecked and enabled" is an optional claim. "checked and enabled" is an optional claim that was sent the "last time".
All this will be features of the next 0.9.8 version. This is not fully functional yet.