My day job has conspired with the holidays to play havoc with my blog over the last while.
What can I say? Maybe something good will come out of it. At least those of you who subscribe to my feed got a bit of peace and quiet! And I feel rested and relatively renewed. I missed writing.
At the same time, there were many exciting identity-related developments that came to my attention but which I wasn't able to pass on. Sorry about that. There was simply no way to “do everything simultaneously all at once”.
But on the positive side of the balance sheet, I was able to complete some work on how Cardspace actually behaves over the wire.
I've put together a PHP implementation of the Identity Provider end of things which I hope will help better convey, in a cross-platform fashion, what is possible with the identity provider paradigm and how Cardspace actually uses the WS protocols. I hope this, in conjunction with some important new documentation by Arun Nanda, will aid in the development of other compatible InfoCard implementations.
All that remains is to write about all this stuff. So, here we go…
Hey, welcome back Kim. I missed you in NYC with Curt and the gang and was beginning to think your eye had gotten the better of you. Hope you're feeling better. Don't forget you've been Blog-Tagged:
http://francisshanahan.com/detail.aspx?cid=526
Happy New Year.
Hi Kim, I just tried out your login and it worked great!
However while I was creating my card I noticed that when
you click browse to add a picture to your card there is a short space of
time where you can actually access the desktop.
If you're quick you can even open up task manager.
Is this something that is intended and could it be a possible security flaw?
Kim, I have tested your PHP sample with a Linux server and CardSpace on my Windows XP but I got the message: “This site requires a managed card that you don't have…”. I was trying my self-issued card. Am I misiing something?
Hernan – please download the code sample again. I updated one file (infocard-demo.php) to use the new OASIS claims names rather than the original experimental microsoft-specfic claims names present in the previous version of this file.
The OASIS compliant version of CardSpace shipped with .NET 3.0 and Vista, so when you use this version of CardSpace with a relying party asking for the old microsoft-specific claims, the selector thinks the relying party wants a managed card of some kind.
Thank you Kim, that worked just fine.
My next challenge was to figure out the PRIVATE KEY from my site and place it in your PHP code sample. Affter further reading (and William Tay's comments) I managed to get using:
– openssl rsa -in .pem > privatekey.out
and paste the privatekey.out output in the PHP sample.
It worked as a charm. Thanks again,