[wsf-dev] ECP test harness
Scott Cantor
cantor.2 at osu.edu
Fri Mar 14 14:43:51 PDT 2008
> The only thing I can see doing at this point (which is in progress)
> is this:
Well, what Conor's describing (and I imagine what Sampo meant) is clearly
the simplest way to build the client. The fact that it isn't what I had in
my mind doesn't mean they're wrong.
> when I get an AuthnRequest from the SP, I check the IsPassive attribute
>
> if it is true, the SP better have given me an IDPEntry that I can
> auth against ... because the spec prevents me from interacting with
> the user AT ALL ... (unless I have already chosen to associate a SP
> with a specific IdP by some other means ... read on)
I would assume the user would set a default to use, that shouldn't be a
barrier.
> 1. ProviderID
> 2. Human-readable Provider Name(optional)
> 3. ECP/SSO login url
> 4. (meta-data?)(certificate?)(uid & encrypted password?)
> (about this part ... I may just have 3 radio buttons w/ a
> <textarea> widget to store the contents ... user is free to get it
> wrong)
I would think the first three are the trivial way to address it.
> I know the " User collected list " is outside of the scope of the ECP
> profile, but I need to be able to have the ability to test against
> multiple IdP's ...
It's outside the profile, but I think it's presumed.
> I plan on using the Password Manager in Firefox, to store encrypted
> passwords, but I presume I can store uid's and certificates sans
> encryption ... they are public domain ... yes?
I would hope that's an option. The password manager in Firefox is seriously
broken, so that isn't something anybody should require just to use the
plugin.
You shouldn't need the certificate for any reason I can think of unless you
were talking about the kind of advanced thing that I was totally off-base
about.
> There is some documentation on how to get Firefox to relay SmartCard
> insertion events, so I assume that by using the method I have in
> mind, that I'll be able to extend the functionality to SmartCards
> with little modification (... well ... without re-writing everything...)
Well...maybe. Comes back to how that interacts with the IdP.
-- Scott
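
The IdP choice discussed in this message, sketched as an added example; it is not code from the thread or from the plugin. The function names, the shape of the user's stored list, and the policy of posting only to the user's own stored https ECP URL (never the SP-supplied `Loc`) are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"

# Constructed sample: an AuthnRequest as an SP might send it (all values invented).
SAMPLE = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_constructed1" Version="2.0" IssueInstant="2008-03-14T21:43:51Z" IsPassive="true">
  <samlp:Scoping><samlp:IDPList>
    <samlp:IDPEntry ProviderID="https://idp.example.org/saml" Name="Example IdP"
        Loc="https://sp-supplied.example.net/ecp"/>
  </samlp:IDPList></samlp:Scoping>
</samlp:AuthnRequest>"""

def parse_request(xml_text):
    """Return (is_passive, [ProviderID, ...]) from a samlp:AuthnRequest."""
    root = ET.fromstring(xml_text)
    if root.tag != SAMLP + "AuthnRequest":
        raise ValueError("not a samlp:AuthnRequest")
    passive = root.get("IsPassive", "false") in ("true", "1")  # xs:boolean forms
    ids = [e.get("ProviderID") for e in root.iter(SAMLP + "IDPEntry")]
    return passive, [i for i in ids if i]

def choose_idp(xml_text, stored, default_id=None):
    """stored: {ProviderID: {"name": ..., "ecp_url": ...}}, the user's own list."""
    passive, offered = parse_request(xml_text)
    # Only IdPs the user stored are candidates; the SP-supplied Loc is ignored.
    candidates = [p for p in (offered or list(stored)) if p in stored]
    if not candidates:
        return {"action": "fail", "reason": "no stored IdP matches the request"}
    if default_id in candidates:
        pick = default_id
    elif len(candidates) == 1:
        pick = candidates[0]
    elif passive:
        # IsPassive forbids asking the user, so fail rather than guess.
        return {"action": "fail", "reason": "IsPassive set and no default IdP"}
    else:
        return {"action": "prompt", "candidates": candidates}
    url = stored[pick]["ecp_url"]
    if urlparse(url).scheme != "https":
        return {"action": "fail", "reason": "stored ECP URL is not https"}
    return {"action": "use", "provider_id": pick, "ecp_url": url}
```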