WordPress InfoCard integration code

Update:  There are now excellent community-based and commercial implementations of Information Card code for WordPress, php, ruby, “C” and other languages.  I've left this zip here for documentary and pedagogical purposes only.

I've been wanting to share my experiences adding Information Card support to identityblog for quite a while now.  I just haven't had the time.

I started by publishing my work on building the necessary code for handling secure identity tokens.  But then I got interrupted with the necessities of life – like shipping Cardspace.

Anyway, now I'm ready to present my integration code.  Very little of it is unique to WordPress – it is really code that would in general apply just as much to any other piece of software.  Someone could easily factor my code so the interface is a little cleaner than is currently the case. 

When I had to actually alter wordpress files (only 3 of them), I just show the changes that are necessary.  You'll have to download the original files from wordpress to see what I'm talking about (version 2.0.4) in context (usually not necessary unless you are making the changes in your own version.)

Download my contribution here.  My assumption is that the root of this download is the same as the root of the wordpress directory. 

[WARNING:  DO NOT INSTALL THE WORDPRESS FILES  FROM MY ZIP INTO YOUR OPERATIONAL WORDPRESS DIRECTORY!  IF YOU WANTED TO USE THIS CODE, YOU WOULD NEED TO MANUALLY INTEGRATE THE CHANGES I HAVE MADE TO MY VERSION OF THE WORDPRESS FILES INTO YOUR VERSION OF THE SAME FILES..  THIS NO LONGER MAKES SENSE SINCE THERE ARE EXCELLENT (SUPPORTED!!) VERSIONS AVAILABLE. ]

The files all begin with “infocard” so they're easy to delete if you want to.

I'll be publishing a number of pieces explaining why I took the approaches I did.  I hope this will get some good, concrete conversation going.  The first in this series is uncharacteristically wordpress specific – don't get discouraged if you're looking for something more general.  It talks about how I approached changing the wp-login page.  I'm pretty sure that even people thinking about infocard-enabling other products will find some ideas here that help them out.

Like my previous work, you can use this code in whatever way you want.  My goal is to help as many people as possible understand, use and deploy information cards.

UPDATE:  Thanks to Samuel Rinnetmäki for pointing out the need to warn readers not to install “as is” in an operational directory – it had never occurred to me they might do this…  I've edited the ZIP to make this impossible (09-02-2008).

Giving identity thieves the finger

Jerry Fishenden has been posting about biometrics recently, and I'll comment on the issues over the next little while. But before we get there, just to put everything in perspective, here's a piece from the BBC, quoted by Jerry, that I missed when it first came out.

Police in Malaysia are hunting for members of a violent gang who chopped off a car owner's finger to get round the vehicle's hi-tech security system.

The car, a Mercedes S-class, was protected by a fingerprint recognition system.

Accountant K Kumaran's ordeal began when he was run down by four men in a small car as he was about to get into his Mercedes in a Kuala Lumpur suburb.

The gang, armed with long machetes, demanded the keys to his car. It is worth around $75,000 second-hand on the local market, where prices are high because of import duties.

Stripped naked

The attackers forced Mr Kumaran to put his finger on the security panel to start the vehicle, bundled him into the back seat and drove off.

But having stripped the car, the thieves became frustrated when they wanted to restart it. They found they again could not bypass the immobiliser, which needs the owner's fingerprint to disarm it.

They stripped Mr Kumaran naked and left him by the side of the road – but not before cutting off the end of his index finger with a machete.

Police believe the gang is responsible for a series of thefts in the area.

Note to self:  don't purchase technology based on retinal scans.

Future discussion:  not only “things you are” but “things you know” can ultimately expose you to harm.

P.S.  Who would ever buy an S-Class?

 

Dynamic detection of client dialect requirements

It seems I might not have found quite the magic recipe yet in my attempt to dynamically recognize whether you are coming from a July CTP or release candidate client.  “Close, probably, but no cigar.”

If you have any kind of problem logging in with an Information Card, please email me the output of this diagnostic.

“Funny, it worked on MY machines.” (From Programming Yarns, Volume 1, Chapter 1). 

Sorry for having been a little optimistic about my initial success.  A bunch of people had reported that things worked – and I prematurely took that as meaning that they didn't NOT work. 

I'm still trying to sort out why some people are having problems.  So if you don't mind trying out and mailing in the diagnostic, I'd really appreciate it.

 

Upcoming DIDW

I hope everyone's going to Digital ID World (DIDW) next week. We'll start on Monday with an Identity Open Space Unconference (don't worry, Virgos, they're unstructured, but not without shape and self-revealing purpose). Once this gives rise to the main event, there are a number of sessions that look fascinating for identity aficionados – like “What Do the Internet's Largest Sites Think About Identity?”, a panel moderated by Dan Farber and featuring representatives of the large sites and a new presentation by Dick Hardt. There will also be an OSIS meeting – and of course, the endless hallway conversation.

I'm pairing up with Patrick Harding (from Ping Identity) on a Wednesday session called “Understanding InfoCards in an Enterprise Setting”. It will include a demo that I think will really help show the concrete benefits of InfoCards inside the enterprise. What can you expect?

First, you'll see the latest version of Ping's InfoCard server, now featuring both Managed IdP as well as Service Provider capabilities. Ping's goal is to show how to seamlessly chain passive and active federation – allowing for on-the-fly privacy context switching.  They'll use real-world use-cases where passive federation gives way to active and vice-versa.

According to Andre Durand, Ping Identity's CEO:

“The Digital ID World demo will show two scenarios to depict how passive federation (via SAML 2.0 Web SSO Profiles or WS-Federation) and active federation (via CardSpace) can both play a role in enabling a seamless user experience for accessing outsourced applications. The plan is to demonstrate how passive and active federation work together to enable a myriad of different business use cases when chained together in different situations.

“Scenario 1:

“An enterprise employee leverages her internal employee portal to access applications that are hosted externally. In the first case we show how SAML 2.0 Web SSO (passive federation) is used to enable seamless access into the SF.com web site. The user accepts this as part of her employment contract – the employer has deemed that the use of SF.com is critical to their business and they want no friction for their sales force in entering information for forecasting purposes.

“In the second case we'll show how CardSpace is used to ‘optionally’ enable seamless access into the employee's Employee Benefits web site. As the Employee Benefits web site is made up of a mixture of personal and corporate information (i.e. 401k, health and payroll) the employee is given the choice of whether to enable SSO via the use of CardSpace. The Employee Benefits web site is enabled with CardSpace. After the user clicks on the ‘Benefits’ link in their corporate portal, she is prompted with different Cards (Employer and Benefits) which she can then choose between for accessing the Benefits web site. If she chooses ‘Employer’ then she will be enabled with SSO from the Corporate Portal in future interactions.”

By the way, Andre, please tell me there's some way for her to change her mind later!

“Scenario 2:

“An enterprise employee is traveling and loses her cell phone. She uses her laptop to access her corporate cell phone provider in an effort to have the phone replaced immediately. The employee would normally access this web site via SSO from her corporate portal. The cell phone provider web site is enabled with Card Space to simplify the IdP discovery and selection process. The employee is prompted to use her Employer card to authenticate to her employer's authentication service. The cell phone provider web site leverages CardSpace to handle IdP Selection rather than having to discover this themselves. Once the user has authenticated to her employer the returned security token contains the relevant information to service the employee's request for a new cell phone.”

It all sounds very interesting – amongst the first examples of what it means to have a full palette of identity options.  Ping is emblematic of an emerging ecology – many of us, across the industry, moving us towards the Identity Big Bang.

Doc Searls will be doing the closing Keynote.  I'm really looking forward to that and to seeing you in Santa Clara.

Can namespaces survive name changes?

Arcadian Vision, an interesting place created by a person (I'm not sure who…) with deep knowledge of Ruby, thinks the namespace change problem I explained earlier today could have been avoided if we were using namespace schemes with a “little more indirection”. His thinking seems to spontaneously head in the same direction as Drummond Reed's.

Kim Cameron writes about namespace changes relating to Microsoft’s Cardspace initiative. The explanations offered sound good, but it’s hard to not be somewhat annoyed if you’re the one patching your code as a result of this change. This also reminds me of a few unconnected experiences that revolve, at least somewhat, around the permanence of URIs. URIs used to denote namespaces often (typically?) aren’t actually valid URLs. They specify a transfer protocol, but they’re not actually meant to be used with that protocol (e.g. they don’t link to documentation about that namespace). It seems to me that this is doubling the burden on a mechanism that isn’t necessarily appropriate. I suppose the argument goes that you control your domain, so you can split that resource among its various responsibilities. Sounds shaky to me, but let’s see where it leads us.

He reaches the conclusion:

So when I put it all together, I’m using my domain name to identify namespaces that are potentially distinct from the content served up via HTTP from that domain. I’m also using my domain name to locate information that isn’t intrinsically related to my domain. I think there’s a blog in there, too. Personally, I’m going to closely watch Google Base to see if it catches on. I could host my own data but have a unique Google Base identifier for it that I can edit to reflect changes in where I’m keeping my data. So how about rather than using a URI to identify my namespace, I identify it as this, which is a unique identifier, can be annotated with relevant metadata (like a link to documentation), and won’t screw anyone else up if I change the URL of my website.

I find it interesting that someone would think of using Google Base as a kind of XRI.  That's pretty far out of the box.  I can hear schema-addicts writhing in pain, but no one can argue with the simplicity of Arcadian's scheme.

Regardless, I think the case of whether to put InfoCard claims under “xmlsoap.org” or “microsoft.org” turns on a different set of issues.  I think the move makes a statement – that is a part of the essence of the InfoCard system – about the cross-industry character of the technology.  In other words, the semantics of the work are becoming richer as a result of the move.

In terms of using Google Base and names like http://base.google.com/base/a/1354745/D5640690229463248432 , doesn't that have a fixed root too?  Arcadian ends up still being tied to a domain-based system, and the more he goes down this path, the more he will find himself becoming dependent on the domain.  If his approach were to become popular, everyone would be making themselves progressively more dependent on a single namespace with a commercial purpose and future – a course one shouldn't adopt without careful thought.

Arcadian should look at Drummond Reed's work before adopting conventional search engines for this particular purpose.  It introduces a framework of persistent identifiers that sit behind transient namespaces, and provides a mapping service with, as I understand it, no central commercial owner.  In other words, the indirection is offered through a new commons.  You can get an intro here and here.

 

Namespace change in Cardspace release candidate

Via Steve Linehan, a pointer to Vittorio Bertocci's blog, Vibro.NET:

In RC1 (.NET framework 3.0, IE7.0 and/or Vista: for once, we have all nicely aligned) we discontinued the namespace http://schemas.microsoft.com/ws/2005/05/identity, substituted by http://schemas.xmlsoap.org/ws/2005/05/identity. That holds both for the claims in the self issued cards (s-i-c) and for the qname of the issuer associated to s-i-c. If you browse a pre-RC RP site from a RC1 machine, you may experience weird effects. For example, the Identity Selector claiming that the website is asking for a managed card from the issuer http://schemas.microsoft.com/ws/2005/05/identity/issuer/self, no longer recognized as the s-i-c special issuer. Note that it is often not a good idea to explicitly ask for a specific issuer 🙂

If you want to see a sample of this, check out the updated version of the sandbox.

Why this change? As you may know, relying parties specify the claims they want the identity provider to supply (for example, “lastname” or “givenname”) using URIs.

Everyone will agree that the benefit of this is that the system is very flexible – anyone can make up their own URIs, get relying parties to ask for them, and then supply them through their own identity provider. 

But a lot of synergy accrues if we can agree on sets of basic URIs – much like we did with LDAP attribute names and definitions.  

Given that a number of players are implementing systems that interoperate with our self-asserted identity provider, it made sense to change the namespace of the claims from microsoft.com to xmlsoap.org.  In fact this is an early outcome of our collaboration with the Open Source Identity Selector (OSIS) members.  Now that there are a bunch of people who want to support the same set of claims, it makes total sense to move them into a “neutral” namespace.

While this is therefore a “good and proper” refinement, it can pose a problem for people trying out the new software:  if you are using an early version of Cardspace with self-issued cards that respond to the “microsoft.com” namespace, it won't match the claims requested by a web site using the “xmlsoap.org” namespace.  And vice versa.  Further, the “card illumination” logic from one version won't recognize the claims from the other namespace.  Cardspace will think the relying party is looking for specialized claims supplied by a “managed card” provider (e.g. a third party).  Thus the confusing message.

After getting some complaints, I fixed this problem at identityblog: now I detect the version of cardspace a client is running and then dynamically request claims in either an old dialect or the new one.  I would say people would do well to build this capability into their implementation from day one.  My sample code is here.
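Here is an added example (my own code written for this page, not the identityblog WordPress integration or any Cardspace code) of what “building this capability in from day one” can look like on the relying-party side, for both this post and the earlier “Dynamic detection of client dialect requirements” post.  It keeps both namespaces side by side, builds the claim request in whichever dialect the client needs, normalizes incoming claims from either dialect onto bare names, and shows why a single-namespace selector misclassifies the other dialect's request as a managed-card request.  Everything beyond the two namespace URIs is assumed rather than taken from the page: that claim URIs have the form <namespace>/claims/<name>, that the self-issued issuer is <namespace>/issuer/self in each namespace, that the claim list is passed in a “requiredClaims” object parameter, and the claim names themselves.  How the client version is detected is deliberately left as an input.

```python
"""Namespace-tolerant handling of Information Card claim URIs.

Added example, not Kim Cameron's WordPress code.  Assumed (not stated on the
page): claim URIs look like <namespace>/claims/<name>, the self-issued issuer
is <namespace>/issuer/self, and the relying party hands its claim list to the
selector in the "requiredClaims" parameter of the object tag.
"""

OLD_NS = "http://schemas.microsoft.com/ws/2005/05/identity"  # pre-RC1 (July CTP)
NEW_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity"    # RC1 and later
KNOWN_NAMESPACES = (NEW_NS, OLD_NS)

# Claims a blog login might ask for; names are an assumption for this example.
LOGIN_CLAIMS = ("givenname", "surname", "emailaddress", "privatepersonalidentifier")


def claim_uri(name: str, namespace: str = NEW_NS) -> str:
    """Build one claim URI in the requested dialect."""
    return f"{namespace}/claims/{name}"


def self_issuer_uri(namespace: str = NEW_NS) -> str:
    """Special issuer URI that marks a request for a self-issued card."""
    return f"{namespace}/issuer/self"


def required_claims_param(names, namespace: str = NEW_NS) -> str:
    """Value for the requiredClaims object parameter: space-separated URIs."""
    return " ".join(claim_uri(n, namespace) for n in names)


def split_claim_uri(uri: str):
    """Return (namespace, name) for a URI in a known namespace, else (None, uri)."""
    for ns in KNOWN_NAMESPACES:
        prefix = ns + "/claims/"
        if uri.startswith(prefix) and len(uri) > len(prefix):
            return ns, uri[len(prefix):]
    return None, uri


def normalize_claims(token_claims: dict) -> dict:
    """Map claim URIs from either dialect onto bare names.

    Claims outside both namespaces keep their full URI so that a managed
    card's custom claims are not silently dropped or confused with ours.
    """
    normalized = {}
    for uri, value in token_claims.items():
        _, key = split_claim_uri(uri)
        normalized[key] = value
    return normalized


def is_self_issued(issuer: str) -> bool:
    """True if the token's issuer is the self-issued marker in either dialect."""
    return issuer in {self_issuer_uri(ns) for ns in KNOWN_NAMESPACES}


def selector_view(requested_uris, selector_namespace: str) -> str:
    """How a selector that knows only one namespace classifies a request.

    Mirrors the "card illumination" problem described above: any claim
    outside the selector's own namespace looks like a managed-card claim,
    so the whole request is treated as asking for a managed card.
    """
    for uri in requested_uris:
        ns, _ = split_claim_uri(uri)
        if ns != selector_namespace:
            return "managed"
    return "self-issued"


def choose_namespace(client_is_rc1_or_later: bool) -> str:
    """Pick the request dialect for this client (detection is the caller's job)."""
    return NEW_NS if client_is_rc1_or_later else OLD_NS


if __name__ == "__main__":
    # Constructed sample: claims from an RC1 self-issued card token.
    rc1_token = {claim_uri("givenname"): "Kim", claim_uri("emailaddress"): "kim@example.com"}
    print(normalize_claims(rc1_token))
    # An RC1 selector shown an old-dialect request misclassifies it.
    old_request = required_claims_param(LOGIN_CLAIMS, OLD_NS).split()
    print(selector_view(old_request, NEW_NS))
```

The point of normalize_claims and is_self_issued is that only the request side needs to know which dialect the client speaks; once a token comes back, the rest of the login code works on bare claim names and never sees the namespace again, so a third namespace change would touch exactly one tuple.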

Kim Cameron and DRM

Ben Laurie thinks I was damning digital rights technology when I complained about not being able to burn some of the Modern Times songs I had paid for and downloaded. He writes:

“Kim’s got all steamed up over iTunes’ DRM.

“Perhaps a better target for his vitriol would be his own company’s DRM, which will not only prevent you from burning stuff to CD, it’ll even remove your right to play it after you’ve purchased it.”

Why?  The parties to a transaction may feel fine about a contract limiting the number of times content can be burned or played.  I have nothing against that.  Let a thousand flowers bloom.  I'm not against technological capabilities, if they are reliable and people want to use them.

But I went to iTunes for two reasons.  First, it had the album that I wanted to burn to CD.  Second, its policy said you can burn your downloaded songs onto CD seven times.

If iTunes had announced more draconian rules, I just wouldn't have gone there.

The problem is that some of the songs were not covered by the announced policy. 

Some have argued the tracks in question aren't songs, they are “videos”. 

I still think they're songs even though you can see Dylan's mouth moving.  At any rate, for four titles – that I also paid for – the sound of Dylan and his band is now caged up inside  iTunes’ proprietary environment.  I can't burn them.  And I can't hear them in my car, on my stereo, or on my television.  I have to use the iTunes application.

Selling me songs and then saying they're not songs and that they're bonus items is really the pits.  iTunes songs cost $1.00 each.  There are 10 songs on the album that can be burned to CD (cost of that is $10.00).  But I paid $14.00.  So the extra songs are not a bonus – they're charged at the same rate as all the other songs – but can't be burned.

All of this is what leads Cory Doctorow to ask if there is a two-tiered music distribution system emerging, and I think it's a very good question.

Music that can only be played on a television.

Julian Bond takes Cory's “new business model” thinking even further:

Cory has been talking about: Kim Cameron having trouble with missing tracks from Bob Dylan's CD “Modern Times”

There's another way to get Modern Times and burn it to a CD: you can buy it from AllOfMP3.com

But go here and you'll find AllOfMp3 only have the 10 tracks off the Audio CD. Not the 4 tracks off the DVD.

I think we're going to see more and more of this. A CD packaged with a DVD containing videos of additional tracks. Ripping the audio from the DVD's videos is considerably harder than ripping a CD to MP3. And it opens up an avenue for the record companies (and by implication iTMS) to change the rules.

To a certain extent I admire this. It's a way of making the physical object worth more than the digital download. But it can also be seen as yet another example of DRM. In this case, the stronger DRM present on a DVD than the unprotected audio CD. The big downside of course is that the DVD is only playable on a DVD player. Which for many will mean no playing in the car, on a portable CD player or on the average stereo. That seems quite a strange idea. Music that can only be played on a television.

A two-tier music distribution system?

Just when I was getting over being traumatized by a glitch in the iTunes user interface, Cory stirred me up again.  Good thing that the tracks I can actually play on my stereo are so wonderful.    

If you buy the latest Bob Dylan album from the iTunes Music Store, be prepared to lose four of the tracks when you burn it to CD. Four of the tracks on “Modern Times,” which is only sold as a whole album on the iTMS, are only made available as video files, and iTunes isn't designed to allow you to burn the audio portion of a video when you burn your CD.

The CD version of “Modern Times” comes as a 14-track disc that includes the audio of the four iTunes videos; also included with the CD is a DVD carrying the four videos. In other words, if you buy the packaged good, you get the audio and the videos for the final four songs, if you buy the iTunes Store version, you only get the un-burnable videos for them.

I got this information from Amazon and I suspect Cory did the same.  But I haven't actually seen the molecular product, which is confusing because there are two versions as well, so maybe the same problem of unrippable music exists there.  It doesn't change much, despite what deadlocked says. 

The iTunes experience is lauded for its consistency and fairness, and for the ease with which iTunes customers can convert their purchased songs into MP3s. But this is a dramatic failure of the consistency, clarity and ease of iTunes.

First, when you attempt to burn the album (with the video-files, which are only distinguished from the audio-files by a small, obscure grey icon) to CD, the iTunes error message says only that the files “cannot be burned to an audio CD,” which led Kim Cameron, an experienced computer user and IT executive, to conclude that the files were locked — an error stating that these were video files would have been clearer.

A really confusing user interface

You know, Cory's right. I am an experienced computer user. And I was really confused. Maybe I'm being punished for the people I've confused with some of my own early interfaces?  I sure didn't like any part of this experience.

Second, the whole Modern Times package defeats the simplicity of the iTunes pricing model — $0.99/track for any track. While the $14 price-tag gets you 14 “tracks,” it's not possible to buy singles from the disc, nor is there any discount for buying the whole CD instead of a track-by-track purchase. And since four of the tracks are not “music” in the sense of being burnable and rippable, you're really paying more on a per-track basis. Remember the outcry when Edgar Bronfman, Jr threatened to raise the cost of some iTunes songs and lower the cost of others? Here we have a similar kind of differential pricing sneaking in via the back-door.

Finally, here's a way in which buying iTunes tracks creates real long-term lock-in to iTunes and iPods: since iTunes videos are locked to the Apple platform, and since the only way to get any of Modern Times through iTMS is to pay for these videos, Apple and Dylan are slyly adding some lock-in to the user experience without any explicit statement about it.

Apple could make this much better by offering both the videos and the audio, or by patching iTunes to allow for burning of the audio portion of videos. But better still would be to turn off the DRM altogether. There's another way to get Modern Times and burn it to a CD: you can buy it from AllOfMP3.com, a service of disputed legality, for a fraction of Apple's pricing. Or you can download it from a P2P network. Apple's offering costs more and does less than its competitors’. How can this possibly be good business-sense?

Well, there is one way. By providing crippleware files, Apple makes it harder to switch to a competing portable player. And by giving Apple permission to cripple his music, Bob Dylan makes it harder for his fans to change to a competing service, which in turn makes it harder for Dylan to re-negotiate his own deal with Apple. Let's hope that Apple's interests and Bob Dylan's interests remain identical forever, then, for his sake.

Enough on iTunes and Modern Times

Now it appears Amazon had it wrong all along.  Apparently Disc 1 of the molecular version is missing the songs in the four videos as well.

Even in BrickAndMortarville you can't put the soundtracks of the DVD onto a CD because that would break other, more draconian, DRM.

So I guess I'm just supposed to accept the fact that I can't get all the songs (regardless of the format they came in) onto a CD – even though I have bought them.

Videos apparently aren't songs, although people are singing, so it's OK if they're trapped inside their iTunes cage.

That's life in Modern Times.