Last night I was pointing out to Drummond that the selector could easily have a X.509 cert/keypair that is used to back the authn card for the store.
Axel I think the idea is under consideration for a future design but people want to get something out the door quickly.
John Bradley On 26-Mar-09, at 5:42 AM, <[email protected]> wrote:
Regarding 2. and [2] from the latest Agenda email and last weeks email regarding CardSync:"GET Cards" is only one example of the many bad decisions from http://wiki.eclipse.org/CardSync_Protocol Most methods/calls described in CardSync_Protocol reinvent the wheel! Another example: AuthCredential - "/AuthCredential" SignonYou are posting a usernamePasswordAuthCredentialTO but this is sö 90ties...The selector accessing the cardstore in the cloud is just a rich- client that needs an access token to access the cardstore. So the way this MUST be achieved to adhere to the overall Higgins goals is: - send a security token request to the cardstore idp and retrieve a security token. Authenticate to the IdP using what ever method it accepts but use the standard RST for this. - use that security token in to access the cardstore (RP) to e.g. retrieve the cardsThe difference between the data exchanged in the Signon example and the standard RST is minimal. And Higgins already has all the code needed to do it the standard way.-Axel -----Ursprüngliche Nachricht-----Von: [email protected] [mailto:[email protected] ] Im Auftrag von Alexander YuhimenkoGesendet: Donnerstag, 19. März 2009 15:28 An: [email protected]Betreff: RE: CardSync was: [higgins-dev] Agenda for Higgins developer callMarch 19Hello,GET /cardsync/rs/Cards was implemented just for FC2 demo, it's temporary method due to i didn't finish method which return all changes (ICards, Card history, Card categories, ...) from server between client and server root revisions.if you think "GET Cards" is useful, i may re-implement it by using RoamingStore and card extension for transferring CardSync specific data (Revsion information etc) or without it.I'm sure, CardSync should be compatible with "Identity Selector Interoperability Profile" as much as possible, but it will not be clear/easy always usage extensions for transferring CardSync specific data, so CardSync have to define own schema.it may make sense to support few methods for importing cards from Crd/Crds files and getting them, for example some Card selectors would use CardSync like on-line backup service with minimal changes.-- thanks, Alexander Yuhimenko From: "[email protected]" <[email protected]> Date: March 19, 2009 4:31:56 AM EDT To: "[email protected]" <[email protected]>Subject: CardSync was: [higgins-dev] Agenda for Higgins developer call March 19 Reply-To: "Higgins (Trust Framework) Project developer discussions" <[email protected] >Sorry for chiming in late but why do you define your own cardstore xml inhttp://wiki.eclipse.org/CardSync_Protocol ? Why isn't the response to GET /cardsync/rs/Cards HTTP/1.1 a RoamingStore as defined in identity.xsd ? http://schemas.xmlsoap.org/ws/2005/05/identity/identity.xsdThere are enough extension points in the schema if you need extra data and if you do not want to use some required value then like BackgroundColor then set them to 0.-Axel ------------------------------------------------Von: [email protected] [mailto:[email protected] ] Im Auftrag von Paul TrevithickGesendet: Donnerstag, 19. März 2009 05:19 An: higgins-dev Betreff: [higgins-dev] Agenda for Higgins developer call March 19 Logistics Time: noon Eastern Dial-in: 1-866-362-7064 / 89-2048# Agenda 1. [Brian] 1.1M6 - was targeted for March 18 See [1] 2. [Brian, Alexander, Andy] Selector Architecture Harmonization See [2]Andy didn't quite get the Synchronizing CardStore done; may need to hand this off to another developer3. [Mary, Jeesmon, Jochen] Current status of RCP Selector use for EclipseCON demo4. [Markus] IdAS Authentication Markus is working on a proposal [4] 5. [Paul] Higgins website improvements [3] There are 6 items to discuss2.1 Flatten Solutions into the 3 solutions areas (nav structure change)2.2 Reorganizing Solutions 2.3 Eliminate "Higgins Data Model" (nav structure change) 2.4 New solution names 2.5 New component set names 2.6 New Downloads PageUpdated home page implementing (2.1, 2.2 and 2.3) is available in the staging area [5]6. [Paul] FC2 Higgins Workshop Mar 11-13 in Paris We demoed the Selector Linux-GTK reading/writing cards using CardSync FC2 member (Orange) has developed a selector for Nokia J2me phone FC2 has also developed a web selector7. [Paul] Propose merge web ICM and the Web Selector together into a single solution8. [Paul] CardSync JohnB's authentication idea (use personal card)Should we use it as the one and only CardStore API for the Higgins selector? This was discussed briefly last week in Paris. Perhaps a simple core protocol and then extensions.9. [Paul, Markus] All Selectors diagram [6] Discuss if diagram is correct WRT process boundaries (as noted in [6]) [1] http://wiki.eclipse.org/Higgins_1.1M6 [2] http://wiki.eclipse.org/Selector_Architecture_Harmonization [3] http://wiki.eclipse.org/Higgins_1.1_Plan#Website [4] http://wiki.eclipse.org/Authentication_Materials [5] http://www.eclipse.org/higgins/ver2/index.php [6] http://wiki.eclipse.org/Selector_Overview#H1.1_All_Selectors _______________________________________________ higgins-dev mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/higgins-dev _______________________________________________ higgins-dev mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/higgins-dev
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ higgins-dev mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/higgins-dev
