I finally finished putting together a demo of a system using the PHP code I wrote for Managed information cards. Other than the minor problem I previously had with namespaces, getting it working with Cardspace was simple. The xmldap selector, on the other hand was not so simple (more on that in a separate entry). Anyways, after having been first introduced to infocards, I envisioned a system where I would be able to surf the web maintaining my anonymity, yet still be able to achieve some personalization on sites. Sounds a bit like an oxymoron, but let me explain.
My surfing experience is pretty bleak. I use anonymous proxies to shield my IP. At most I only accept cookies during a session. I wont register with a sites unless I have some specific reason, and I wont give a site information (requiring another login mind you) just so they can tailor the site to my interests. I don't really care about the social networking sites - though I've tinkered with LinkedIn so dont have much of linkability. Software cleans up any non-trusted cookies and scrubs the disk each time I shut down the browser. I am probably the thing marketing people hate the most.
Now, when I was first exposed to this technology, I envisioned the possibility that I could pass some of my personal preferences to a site I was visiting, allowing them to tailor their site to me, all the time then not knowing or having any further information (no email address, no username/login, etc...), simply just a list of things I am interested in. While creating my libraries in PHP for an identity provider, I decided to create a working demo of what I envisioned. I went so far as to create the identity provider on a different domain than the relying party.
Getting a Managed Card:
How this system works. You first need to register at
https://www.ctindustries.net/icard/index.php. Registration simply involves setting up a username and password (in order to retrieve the card and manage the account) and selecting from 1 to 3 of the listed categories you are interested in. Once you have successfully saved this information, you can then click on the Retrieve Managed Card link to download and/or install the managed card. Although I set a custom type, I decided upon SAML to convey the claims.
Using the Card:
The relying party side resides at
https://www.cdatazone.org/demostore/index.php.
When not logged in, the system will randomly select 3 categories for you and then randomly display the top 3 items for sale within those categories. This is done leveraging the
Yahoo! Shopping API. Each time you refresh the page the results will either be displayed from a local cache or are fetched and cached. (So Please be patient if it takes a few seconds making remote requests behind the scenes).
When logging into the demo system, the identity selector will retrieve your previously selected categories and pass them to the system. These results you now see are based on your personal categories rather than the system randomly picking them for you. Each time you refresh the page the results returned will only come from one of your categories.
Now, I really don't know how feasible of a use of information cards this really is, but it something I really wanted to see if possible and the reason for this demo. I will be releasing the code over the next week. I am currently debating whether to use native ext/soap, so all conditions (like errors) are handled properly or just leaving the code as is (some XML build on the fly and some embedded within soap structures). Until then, I am at least providing the code used to create the managed card, which in turn uses my new library code:
createcard.phps
Last month I wrote about a managed card demo in an entry called Managed Infocard Demo and had supplied the code used to create the managed card. Most people who read this blog already are aware of the xmlseclibs library I wrote. There is, however, a missi
Tracked: Aug 21, 09:50