More Details on Ping's InfoCard Toolkit

Here's some info hot of the press – or rather, hot off the Ping Toolkit's readme.

The SourceID InfoCard STS Toolkit for Java is a library and simple framework for writing server-side applications which interact with the Microsoft InfoCard identity system (InfoCard is itself also still a work-in-progress as of this writing).

Microsoft InfoCard is an identity system scheduled for inclusion in Windows Vista (a.k.a. Longhorn), with a possible release for Windows XP to follow. It allows users to create identity information cards (“InfoCards”)–and/or collect signed cards from third-party Identity Providers–and use them to provision accounts and/or instantly sign in to web applications(via browser) and web services (via SOAP clients)…

Status

Currently, the SourceID Java library is a work in progress and is not fully
functional, in an interoperability sense, with any published Microsoft software.

It represents early work done privately with Microsoft in advance of the Digital ID World demonstration (May, 2005), and further work into trying to interoperate with the Indigo Beta for Windows XP (which contains some InfoCard code as well).

SourceID will be targeting another release of the InfoCard STS Toolkit after the Beta 2 release of Windows Vista (a.k.a. Longhorn), which we assume will be in Q4 2005. The InfoCard backplane in Vista will be more mature by that time and more ready to interoperate with non-Windows implementations such as this toolkit.

In the meantime, please treat this release as an “early preview” demonstrating some concepts and code on the path to a full InfoCard STS for Java.

Toolkit and Architecture

Thorough architecture and usage documentation will be ready for the next release of this toolkit. In the meantime, the following will serve as a quick guide.

Microsoft InfoCard makes heavy use of the WS-* family of Web Services specifications, including:

WS-Security
WS-Security SAML Token Profile
WS-SecureConversation
WS-MetadataExchange
WS-Policy

The goal of this toolkit is to be able to build a Web Service (and ultimately browser-based applications as well) that is capable of requesting and receiving InfoCards from an InfoCard-enabled client.

To achieve this, the framework leans upon existing work done by the Apache foundation. In particular, the following tools and systems are used in this project:

- Apache Tomcat v5.5.7
- Apache Axis for Java v1.2
- Apache XMLBeans v2.0.0
- Apache WSS4J

With the complete InfoCard STS Toolkit for Java, developers will eventually be able to create Web Services (on top of Axis) and/or web applications (servlet-based) which can seamlessly and automatically request and handle InfoCards (of any variant) from InfoCard-enabled clients.

Conclusion

Please check this project again for updates to this toolkit, with a more complete (and documented) API and the ability to interact in a useful manner with published Microsoft software (though we assume that Microsoft's InfoCard implementation will likely still be in beta form at least into 2006).

[tags: , , , ]

Published by

Kim Cameron

Work on identity.