Monday, December 10, 2007

http header: X-ID-Selector

There is currently a discussion how and if a browser should indicate the presence of installed id selectors. I am against "polluting" the user-agent string.

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506)

This indicates only that .NET3 is installed, it does not tell the relying party whether CardSpace is active or disabled.

I prefer that the id selector adds a HTTP header e.g. "X-ID-Selector" to the HTTP requests.

This is easy to implement; so I did it for the openinfocard id selector (xmldap-0.9.9-200712102230.xpi).

Here is a screenshot of the livehttpheaders recording of a visit to a relying party:

In the sidebar you can see the "X-ID-Selector: openinfocard" header.

BTW: Here follows a probably not very known description how to disable application/x-informationcard handling in IE7.

Open this preferences window and click "manage add-ons".

Next select "InformationCardSigninHelper Class" and disable or delete it. This does not change IE7's user-agent string.

No comments: