{"id":430,"date":"2006-04-15T08:41:12","date_gmt":"2006-04-15T16:41:12","guid":{"rendered":"\/?p=430"},"modified":"2012-11-01T11:51:11","modified_gmt":"2012-11-01T11:51:11","slug":"simple-infocard-tutorial-and-demo","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=430","title":{"rendered":"SELF-ISSUED INFOCARD TUTORIAL AND DEMO"},"content":{"rendered":"

THE ENCRYPTED TOKEN<\/a> \u00bb<\/p>\n

A SELF-ISSUED INFOCARD TUTORIAL AND DEMO<\/a><\/p>\n

This tutorial includes a demo, an explanation of how Self-Issued InfoCard identity tokens work, and sample PHP code allowing you to accept\u00a0these tokens at a web site.<\/p>\n

\"\"<\/a>One of the key goals of InfoCard and the Identity Metasystem is to\u00a0put the release of identity information under the direct control of computer users.\u00a0\u00a0At the same time,\u00a0the system respects the right of a web site\u00a0to say what information it requires to\u00a0grant entry.\u00a0\u00a0The accompanying demo\u00a0shows how\u00a0InfoCards help bring the two sides of this equation together in a way that accords with the Laws of Identity<\/a>.<\/p>\n

Information Card technology can be used to manage the exchange of any kind of token.\u00a0 CardSpace&#39s self-issued tokens use the SAML format.\u00a0\u00a0With this format, identity information\u00a0sent to a site\u00a0is “signed” to guarantee that\u00a0it really comes from\u00a0whoever originates the “claims” in the identity token.\u00a0 Then, to protect the user&#39s information during release, it is encrypted so only that site\u00a0can get at it.<\/p>\n

How\u00a0can the identity provider\u00a0encrypt the information\u00a0destined for\u00a0your web site?\u00a0 You need a public key and certificate.\u00a0 In the current version of InfoCard this has to be an SSL certificate (mine cost me\u00a0under $20), and your web server\u00a0needs to be able to support https.\u00a0 Identity tokens\u00a0sent to you will be\u00a0encrypted under the same key\u00a0your system\u00a0uses for https.\u00a0 If people need help with this, let me know and I&#39ll add instructions to this tutorial.<\/p>\n

\"\"I\u00a0wrote my\u00a0sample code\u00a0in PHP 5\u00a0(I had a 4.2 version running at one point, but didn&#39t want to keep two versions going).\u00a0\u00a0If you wonder why I chose PHP, I wanted\u00a0it to be clear\u00a0that InfoCards are not\u00a0Windows-specific.\u00a0 You need to make sure your version of PHP has the\u00a0mcrypt<\/strong> and openssl<\/strong> libraries\u00a0enabled.\u00a0\u00a0(By way of\u00a0example, these libraries are\u00a0part of the\u00a0default\u00a0environment at TextDrive<\/a>, my\u00a0excellent web site host.)<\/p>\n

I would suggest you approach this tutorial as follows:<\/p>\n

    \n
  1. Watch the demo.\u00a0\u00a0Use this version<\/a>\u00a0for Windows Media Player.\u00a0 (If your system complains that it requires the Techsmith Screen Capture Codec [TSCC], pick it up here<\/a>.)\u00a0 If you can&#39t use TSCC, try the much\u00a0fatter Quicktime version<\/a> (doubleclick on the demo to start it).<\/li>\n
  2. Learn about the Encrypted SAML Token<\/a>, and then how to decrypt it<\/a>\u00a0to\u00a0reveal the\u00a0signed token.<\/li>\n
  3. Learn about the Signed Token<\/a>, and how to verify it<\/a>.<\/li>\n
  4. Look at the sample HTML page and mainline<\/a> that constitutes the demo.<\/li>\n<\/ol>\n

    You can download the sample PHP files here<\/a>\u00a0(I updated them to V3 in June 2007 to make the code compatible with the shipping version of Vista, and at the same time embrace the new OASIS claims names.)<\/p>\n

    I&#39ll be evolving this work over the next little while, so let me know about anything that is unclear or not pitched at the right level.<\/p>\n

    People have asked if I&#39ll be\u00a0putting this tutorial\u00a0into .pdf format.\u00a0 I will, once I&#39ve\u00a0received a bit more feedback.\u00a0 In particular, I&#39m hoping some PHP gurus will look things over – this is my first PHP project.<\/p>\n

    I&#39ve also been asked\u00a0what intentions I have for this code. My only goal is to share information as widely as possible.<\/p>\n","protected":false},"excerpt":{"rendered":"

    THE ENCRYPTED TOKEN \u00bb A SELF-ISSUED INFOCARD TUTORIAL AND DEMO This tutorial includes a demo, an explanation of how Self-Issued InfoCard identity tokens work, and sample PHP code allowing you to accept\u00a0these tokens at a web site. One of the key goals of InfoCard and the Identity Metasystem is to\u00a0put the release of identity information … Continue reading SELF-ISSUED INFOCARD TUTORIAL AND DEMO<\/span><\/a><\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[2,1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/430"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=430"}],"version-history":[{"count":2,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/430\/revisions"}],"predecessor-version":[{"id":1233,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/430\/revisions\/1233"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=430"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=430"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=430"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}