Last month I wrote about a managed card demo in an entry called Managed Infocard Demo and supplied the code used to create the managed card. Most people who read this blog are already aware of the xmlseclibs library I wrote. There is, however, a missing piece to the managed code example I had posted, which I am finally getting around to talking about. It is the Infocard Managed library file (icard_managed_lib.php). This library provides the functionality needed to create a managed card that a user can download and install. The actual consumption of a managed card is handled by different code that I will eventually get around to talking about in the coming months. As you might guess from the amount of time between my entries, free time is not something I have a lot of, so things are a little slow going.
The library is still a work in progress, as it doesn't implement every feature (i.e. currently only username authentication is supported), but it is a good starting point for someone wanting to create managed cards in PHP. The library contains a number of classes, which makes constructing a card a bit more logical. They include:
ICard - This class is the container for the managed card. Using this class, you set all the various aspects of the card, such as name, identifier, claims, services, etc. This class is used to assemble the managed card, which is then embedded within an XML Signature.
ICardClaimType - Used to set the URI, name and description of the supported claims. As you might notice in my example code, I created my own claims having the URI - http://cdatazone/preference, the name - preference, and the description - Category Preference.
ICardEndpoint - Used to set the location of the Identity Provider (IP) and the Metadata Exchange service (MEX). It also provides the mechanism to add the identity certificate of the IP.
ICardUserCredential - Class to set up the authentication used with our managed cards. Currently only username/password authentication (ICardUserCredential::UsernamePasswordCredential) is supported, but extending this would not be extremely difficult.
ICardTokenService - Used to group the ICardEndpoint and ICardUserCredential objects together as a single service. This is necessary as multiple services (ICardEndpoint / ICardUserCredential combinations) are supported.
ICardSAML - Used to create a SAML 1.0 document. Currently used further on when I demonstrate the interaction of an Infocard selector with an IP.
Using these classes, the required libraries, and the previously discussed example code, you should be able to easily create managed information cards using PHP. I will continue to work on the library on and off, so if you decide to use it, make sure you check back intermittently for any updates.
Over the next couple of months, I will go into further details on working with managed cards in PHP. Now that you can provide end users managed cards, you still need to provide the mechanism for users to retrieve the underlying information as well as consume this data once it is passed to your application. This, however, will have to wait until next time.
Source Code:
Infocard Managed library (icard_managed_lib.php) - version 1.0.0.
example code - demonstrates library usage.