informationcardruby Wiki & Documentation Rss Feed

UPDATED WIKI: Home

joepoon — Fri, 06 Jul 2007 00:24:29 GMT

Project Home Page

For everything Information Card Ruby, visit http://www.informationcardruby.com

What is Information Card Ruby?
Information Card Ruby provides a rails plugin and supporting library for integrating personal information cards to your Ruby on Rails relying party web application. In the Identity Metasystem, an application that requests and consumes digital identities about an individual is called a relying party. As we develop and learn from this project, Information Card Ruby will generate a developer guideline for integrating information cards to your rails website, much in the spirit of Accepting Information Cards to your ASP.NET site - if we have done the plugin right, this guideline will be short and sweet.

Project Contributors
Information Card Ruby is an open source collaboration project driven by:
Microsoft and ThoughtWorks.


Microsoft is the project sponsor and being CardSpace experts, provides architectural guidance and best practices in the Identity MetaSystem.	ThoughtWorks is actively involved in some of the world's leading Ruby projects and is excited to be driving the development on Information Card Ruby.

What is CardSpace?
In the Identity Metasystem, there are several players including the user, the identity selector and the relying party. This project allows a relying party (your website) to accept and process information cards from a user.

From http://cardspace.netfx3.com/
"Windows CardSpace is a piece of client software that enables users to provide their digital identity to online services in a simple, secure and trusted way. It is what is known as an identity selector: when a user – or subject – needs to authenticate to a website or a web service, CardSpace pops up a special security-hardened UI with a set of “cards” for the user to choose from. Each card has some identity data associated with it – though this is not actually stored in the card – and has been given to the user by an identity provider such as their bank, employer or government. In fact, the user can also act as an identity provider – this is essentially what we do every time we register at a website. The CardSpace UI enables users to create Personal cards and associate a limited set of identity data. When the user chooses a card, a request in the form of a web service call goes to the relevant provider, and a signed and encrypted security token is returned containing the required information (e.g. credit limit, employer’s name and address, or perhaps a social security number). The user, in control of the flow of information at all times, then decides whether to release this information to the requesting online service. If the user approves then the token is sent on to this relying party where the token is processed and the user is authenticated."

Open Standards
The Information Card model is built on open, interoperable communication standards that have been implemented on Windows and other platforms. Case in point, the relying party can be implemented in Ruby on Rails (that's us!). For more information on interoperability, take a look at the Identity Selector Interoperability Profile.

The General Idea
Lost in the Identity Metasystem? Need more information on information cards? No worries! Below is a diagram of a typical scenario to set your mental context - here, we have our star user Molly who would like to login into your rails application with her personal information card. Note that this diagram is ultra simple and by no means correct - luckily for you, we have the good folks at Microsoft to provide us with the proper guidance at cardspace.netfx.com.

Squinting? To view a larger image, click here: The General Idea

User Scenarios
To get started, we have identified stories and tasks. To help you get a feel for what we are working on, some are listed below:

As a user, I would like to:

Design goals

Provide a plugin to provide out-of-the-box information card authentication
Provide documentation as to how to incorporate information cards to your website
Provide a well tested plugin that so that fellow developers using it can sleep at night and stay up late at night contributing to it.
Simplicity. From James Adams on rails plugins, "It was the small mammals who survived when the the dinosaurs died out."
Extract, don't expect it. To achieve this simplicity that James describes, we're not going to start by building a plugin to handle every conceivable cardspace scenario. Instead, we will first spike an application to authenticate personal information cards - we'll learn from it, immerse in it, be at one with the information card and then from there, extract out what makes sense. Afterall, every piece of code just wants to have a purpose.

Scope
To keep things simple, Information Card Ruby will only address personal information cards and SAML security tokens, as generated by Windows CardSpace.

Technical Notes
To use cardspace with your rails application, you need the following:

SSL: The Windows CardSpace Identity Selector requires an SSL channel. To setup a Ruby on Rails website configured over HTTPS, an option is to setup an Apache SSL virtual host which proxies requests to your mongrel server or cluster.
Internet Explorer 7 (or FireFox with Cardspace plugin)
Windows Vista or Windows XP with .NET 3.0 Framework
MySQL: This project will use MySQL as the underlying database.

Feedback
We believe in short feedback loops. We want to deploy often and always know the status of our codebase. So, we have a live server which will run the latest codebase and a continuous integration server to tell us who to thank for fixing the build.

A live demo can be found at: https://www.informationcardruby.com/forums
The cruisecontrol.rb server can be found at: http://cruisecontrol.informationcardruby.com

More importantly, let us know what you like and even more importantly, what you don't like!

Where's the code?
The code resides at RubyForge under the project Information Card.

CodePlex and RubyForge
In bringing together platforms and technologies (it's truly a beautiful thing), there are naturally more choices, including the project home for open source projects - namely CodePlex and RubyForge. The approach that we've taken is to use both. We'll use CodePlex's wiki and RubyForge's issue tracker, mailing list and subversion repository to house the codebase in subversion. We'll try our very best not to duplicate information between the sites and make it intuitive where to find things. We'd love to hear your comments or opinions as to what you would like to see!

UPDATED WIKI: Home

jsallis — Wed, 27 Jun 2007 17:35:04 GMT

Project Home Page


Microsoft is the project sponsor and being CardSpace experts, provides architectural guidance and best practices in the Identity MetaSystem.	ThoughtWorks is actively involved in some of the world's leading Ruby projects and is excited to be driving the development on Information Card Ruby.

What is CardSpace?
In the Identity Metasystem, there are several players including the user, the identity selector and the relying party. This project allows a relying party (your website) to accept and process information cards from a user.

From http://cardspace.netfx3.com/
"Windows CardSpace, formerly codenamed “InfoCard”, is a piece of client software that enables users to provide their digital identity to online services in a simple, secure and trusted way. It is what is known as an identity selector: when a user – or subject – needs to authenticate to a website or a web service, CardSpace pops up a special security-hardened UI with a set of “cards” for the user to choose from. Each card has some identity data associated with it – though this is not actually stored in the card – and has been given to the user by an identity provider such as their bank, employer or government. In fact, the user can also act as an identity provider – this is essentially what we do every time we register at a website. The CardSpace UI enables users to create Personal cards and associate a limited set of identity data. When the user chooses a card, a request in the form of a web service call goes to the relevant provider, and a signed and encrypted security token is returned containing the required information (e.g. credit limit, employer’s name and address, or perhaps a social security number). The user, in control of the flow of information at all times, then decides whether to release this information to the requesting online service. If the user approves then the token is sent on to this relying party where the token is processed and the user is authenticated."

Open Standards
The Information Card model is built on open, interoperable communication standards that have been implemented on Windows and other platforms. Case in point, the relying party can be implemented in Ruby on Rails (that's us!). For more information on interoperability, take a look at the Identity Selector Interoperability Profile.

The General Idea
Lost in the Identity Metasystem? Need more information on information cards? No worries! Below is a diagram of a typical scenario to set your mental context - here, we have our star user Molly who would like to login into your rails application with her personal information card. Note that this diagram is ultra simple and by no means correct - luckily for you, we have the good folks at Microsoft to provide us with the proper guidance at cardspace.netfx.com.

Squinting? To view a larger image, click here: The General Idea

User Scenarios
To get started, we have identified stories and tasks. To help you get a feel for what we are working on, some are listed below:

As a user, I would like to:

Design goals

Provide a plugin to provide out-of-the-box information card authentication
Provide documentation as to how to incorporate information cards to your website
Provide a well tested plugin that so that fellow developers using it can sleep at night and stay up late at night contributing to it.
Simplicity. From James Adams on rails plugins, "It was the small mammals who survived when the the dinosaurs died out."
Extract, don't expect it. To achieve this simplicity that James describes, we're not going to start by building a plugin to handle every conceivable cardspace scenario. Instead, we will first spike an application to authenticate personal information cards - we'll learn from it, immerse in it, be at one with the information card and then from there, extract out what makes sense. Afterall, every piece of code just wants to have a purpose.

SSL: The Windows CardSpace Identity Selector requires an SSL channel. To setup a Ruby on Rails website configured over HTTPS, an option is to setup an Apache SSL virtual host which proxies requests to your mongrel server or cluster.
Internet Explorer 7 (or FireFox with Cardspace plugin)
Windows Vista or Windows XP with .NET 3.0 Framework
MySQL: This project will use MySQL as the underlying database.

A live demo can be found at: https://www.informationcardruby.com/forums
The cruisecontrol.rb server can be found at: http://cruisecontrol.informationcardruby.com

UPDATED WIKI: Home

jsallis — Wed, 27 Jun 2007 17:34:12 GMT

Project Home Page


Microsoft is the project sponsor and being CardSpace experts, provides architectural guidance and best practices in the Identity MetaSystem.	ThoughtWorks is actively involved in some of the world's leading Ruby projects and is excited to be driving the development on Information Card Ruby.

What is CardSpace?
In the Identity Metasystem, there are several players including the user, the identity selector and the relying party. This project allows a relying party (your website) to accept and process information cards from a user.

From http://cardspace.netfx3.com/
"Windows CardSpace, formerly codenamed “InfoCard”, is a piece of client software that enables users to provide their digital identity to online services in a simple, secure and trusted way. It is what is known as an identity selector: when a user – or subject – needs to authenticate to a website or a web service, CardSpace pops up a special security-hardened UI with a set of “cards” for the user to choose from. Each card has some identity data associated with it – though this is not actually stored in the card – and has been given to the user by an identity provider such as their bank, employer or government. In fact, the user can also act as an identity provider – this is essentially what we do every time we register at a website. The CardSpace UI enables users to create Personal cards and associate a limited set of identity data. When the user chooses a card, a request in the form of a web service call goes to the relevant provider, and a signed and encrypted security token is returned containing the required information (e.g. credit limit, employer’s name and address, or perhaps a social security number). The user, in control of the flow of information at all times, then decides whether to release this information to the requesting online service. If the user approves then the token is sent on to this relying party where the token is processed and the user is authenticated."

Open Standards
The Information Card model is built on open, interoperable communication standards that have been implemented on Windows and other platforms. Case in point, the relying party can be implemented in Ruby on Rails (that's us!). For more information on interoperability, take a look at the Identity Selector Interoperability Profile.

The General Idea
Lost in the Identity Metasystem? Need more information on information cards? No worries! Below is a diagram of a typical scenario to set your mental context - here, we have our star user Molly who would like to login into your rails application with her personal information card. Note that this diagram is ultra simple and by no means correct - luckily for you, we have the good folks at Microsoft to provide us with the proper guidance at cardspace.netfx.com.

Squinting? To view a larger image, click here: The General Idea

User Scenarios
To get started, we have identified stories and tasks. To help you get a feel for what we are working on, some are listed below:

As a user, I would like to:

Design goals

Provide a plugin to provide out-of-the-box information card authentication
Provide documentation as to how to incorporate information cards to your website
Provide a well tested plugin that so that fellow developers using it can sleep at night and stay up late at night contributing to it.
Simplicity. From James Adams on rails plugins, "It was the small mammals who survived when the the dinosaurs died out."
Extract, don't expect it. To achieve this simplicity that James describes, we're not going to start by building a plugin to handle every conceivable cardspace scenario. Instead, we will first spike an application to authenticate personal information cards - we'll learn from it, immerse in it, be at one with the information card and then from there, extract out what makes sense. Afterall, every piece of code just wants to have a purpose.

SSL: The Windows CardSpace Identity Selector requires an SSL channel. To setup a Ruby on Rails website configured over HTTPS, an option is to setup an Apache SSL virtual host which proxies requests to your mongrel server or cluster.
Internet Explorer 7 (or FireFox with Cardspace plugin)
Windows Vista or Windows XP with .NET 3.0 Framework
MySQL: This project will use MySQL as the underlying database.

The cruisecontrol.rb server can be found at: http://cruisecontrol.informationcardruby.com
A live demo can be found at: https://www.informationcardruby.com/forums

UPDATED WIKI: Home

joepoon — Mon, 25 Jun 2007 18:36:43 GMT

Project Home Page


Microsoft is the project sponsor and being CardSpace experts, provides architectural guidance and best practices in the Identity MetaSystem.	ThoughtWorks is actively involved in some of the world's leading Ruby projects and is excited to be driving the development on Information Card Ruby.

What is CardSpace?
In the Identity Metasystem, there are several players including the user, the identity selector and the relying party. This project allows a relying party (your website) to accept and process information cards from a user.

From http://cardspace.netfx3.com/
"Windows CardSpace, formerly codenamed “InfoCard”, is a piece of client software that enables users to provide their digital identity to online services in a simple, secure and trusted way. It is what is known as an identity selector: when a user – or subject – needs to authenticate to a website or a web service, CardSpace pops up a special security-hardened UI with a set of “cards” for the user to choose from. Each card has some identity data associated with it – though this is not actually stored in the card – and has been given to the user by an identity provider such as their bank, employer or government. In fact, the user can also act as an identity provider – this is essentially what we do every time we register at a website. The CardSpace UI enables users to create Personal cards and associate a limited set of identity data. When the user chooses a card, a request in the form of a web service call goes to the relevant provider, and a signed and encrypted security token is returned containing the required information (e.g. credit limit, employer’s name and address, or perhaps a social security number). The user, in control of the flow of information at all times, then decides whether to release this information to the requesting online service. If the user approves then the token is sent on to this relying party where the token is processed and the user is authenticated."

Open Standards
The Information Card model is built on open, interoperable communication standards that have been implemented on Windows and other platforms. Case in point, the relying party can be implemented in Ruby on Rails (that's us!). For more information on interoperability, take a look at the Identity Selector Interoperability Profile.

The General Idea
Lost in the Identity Metasystem? Need more information on information cards? No worries! Below is a diagram of a typical scenario to set your mental context - here, we have our star user Molly who would like to login into your rails application with her personal information card. Note that this diagram is ultra simple and by no means correct - luckily for you, we have the good folks at Microsoft to provide us with the proper guidance at cardspace.netfx.com.

Squinting? To view a larger image, click here: The General Idea

User Scenarios
To get started, we have identified stories and tasks. To help you get a feel for what we are working on, some are listed below:

As a user, I would like to:

Design goals

Provide a plugin to provide out-of-the-box information card authentication
Provide documentation as to how to incorporate information cards to your website
Provide a well tested plugin that so that fellow developers using it can sleep at night and stay up late at night contributing to it.
Simplicity. From James Adams on rails plugins, "It was the small mammals who survived when the the dinosaurs died out."
Extract, don't expect it. To achieve this simplicity that James describes, we're not going to start by building a plugin to handle every conceivable cardspace scenario. Instead, we will first spike an application to authenticate personal information cards - we'll learn from it, immerse in it, be at one with the information card and then from there, extract out what makes sense. Afterall, every piece of code just wants to have a purpose.

SSL: The Windows CardSpace Identity Selector requires an SSL channel. To setup a Ruby on Rails website configured over HTTPS, an option is to setup an Apache SSL virtual host which proxies requests to your mongrel server or cluster.
Internet Explorer 7 (or FireFox with Cardspace plugin)
Windows Vista or Windows XP with .NET 3.0 Framework
MySQL: This project will use MySQL as the underlying database.

The cruisecontrol.rb server can be found at: http://cruisecontrol.informationcardruby.com
A live demo can be found at: https://www.informationcardruby.com/forums

UPDATED WIKI: Home

joepoon — Mon, 25 Jun 2007 18:34:45 GMT

Project Home Page


Microsoft is the project sponsor and being CardSpace experts, provides architectural guidance and best practices in the Identity MetaSystem.	ThoughtWorks is actively involved in some of the world's leading Ruby projects and is excited to be driving the development on Information Card Ruby.

What is CardSpace?
In the Identity Metasystem, there are several players including the user, the identity selector and the relying party. This project allows a relying party (your website) to accept and process information cards from a user.

From http://cardspace.netfx3.com/
"Windows CardSpace, formerly codenamed “InfoCard”, is a piece of client software that enables users to provide their digital identity to online services in a simple, secure and trusted way. It is what is known as an identity selector: when a user – or subject – needs to authenticate to a website or a web service, CardSpace pops up a special security-hardened UI with a set of “cards” for the user to choose from. Each card has some identity data associated with it – though this is not actually stored in the card – and has been given to the user by an identity provider such as their bank, employer or government. In fact, the user can also act as an identity provider – this is essentially what we do every time we register at a website. The CardSpace UI enables users to create Personal cards and associate a limited set of identity data. When the user chooses a card, a request in the form of a web service call goes to the relevant provider, and a signed and encrypted security token is returned containing the required information (e.g. credit limit, employer’s name and address, or perhaps a social security number). The user, in control of the flow of information at all times, then decides whether to release this information to the requesting online service. If the user approves then the token is sent on to this relying party where the token is processed and the user is authenticated."

Open Standards
The Information Card model is built on open, interoperable communication standards that have been implemented on Windows and other platforms. Case in point, the relying party can be implemented in Ruby on Rails (that's us!). For more information on interoperability, take a look at the Identity Selector Interoperability Profile.

The General Idea
Lost in the Identity Metasystem? Need more information on information cards? No worries! Below is a diagram of a typical scenario to set your mental context - here, we have our star user Molly who would like to login into your rails application with her personal information card. Note that this diagram is ultra simple and by no means correct - luckily for you, we have the good folks at Microsoft to provide us with the proper guidance at cardspace.netfx.com.

Squinting? To view a larger image, click here: The General Idea

User Scenarios
To get started, we have identified stories and tasks. To help you get a feel for what we are working on, some are listed below:

As a user, I would like to:

Design goals

Provide a plugin to provide out-of-the-box information card authentication
Provide documentation as to how to incorporate information cards to your website
Provide a well tested plugin that so that fellow developers using it can sleep at night and stay up late at night contributing to it.
Simplicity. From James Adams on rails plugins, "It was the small mammals who survived when the the dinosaurs died out."
Extract, don't expect it. To achieve this simplicity that James describes, we're not going to start by building a plugin to handle every conceivable cardspace scenario. Instead, we will first spike an application to authenticate personal information cards - we'll learn from it, immerse in it, be at one with the information card and then from there, extract out what makes sense. Afterall, every piece of code just wants to have a purpose.

SSL: The Windows CardSpace Identity Selector requires an SSL channel. To setup a Ruby on Rails website configured over HTTPS, an option is to setup an Apache SSL virtual host which proxies requests to your mongrel server or cluster.
Internet Explorer 7 (or FireFox with Cardspace plugin)
Windows Vista or Windows XP with .NET 3.0 Framework
MySQL: This project will use MySQL as the underlying database.

The cruisecontrol.rb server can be found at: http://cruisecontrol.informationcardruby.com
A live demo of the code basecan be found at: http://www.informationcardruby.com/demo

UPDATED WIKI: Home

joepoon — Mon, 25 Jun 2007 18:29:29 GMT

Project Home Page

For everything Information Card Ruby, visit the http://www.informationcardruby.com

What is Information Card Ruby?
Information Card Ruby provides a rails plugin and supporting library for integrating personal information cards to your Ruby on Rails relying party web application. In the Identity Metasystem, an application that requests and consumes digital identities about an individual is called a relying party. As we develop and learn from this project, Information Card Ruby will generate a developer guideline for integrating information cards to your rails website, much in the spirit of Accepting Information Cards to your ASP.NET site - if we have done the plugin right, this guideline will be short and sweet.

Project Contributors
Information Card Ruby is an open source collaboration project driven by:
Microsoft and ThoughtWorks.


Microsoft is the project sponsor and being CardSpace experts, provides architectural guidance and best practices in the Identity MetaSystem.	ThoughtWorks is actively involved in some of the world's leading Ruby projects and is excited to be driving the development on Information Card Ruby.

What is CardSpace?
In the Identity Metasystem, there are several players including the user, the identity selector and the relying party. This project allows a relying party (your website) to accept and process information cards from a user.

From http://cardspace.netfx3.com/
"Windows CardSpace, formerly codenamed “InfoCard”, is a piece of client software that enables users to provide their digital identity to online services in a simple, secure and trusted way. It is what is known as an identity selector: when a user – or subject – needs to authenticate to a website or a web service, CardSpace pops up a special security-hardened UI with a set of “cards” for the user to choose from. Each card has some identity data associated with it – though this is not actually stored in the card – and has been given to the user by an identity provider such as their bank, employer or government. In fact, the user can also act as an identity provider – this is essentially what we do every time we register at a website. The CardSpace UI enables users to create Personal cards and associate a limited set of identity data. When the user chooses a card, a request in the form of a web service call goes to the relevant provider, and a signed and encrypted security token is returned containing the required information (e.g. credit limit, employer’s name and address, or perhaps a social security number). The user, in control of the flow of information at all times, then decides whether to release this information to the requesting online service. If the user approves then the token is sent on to this relying party where the token is processed and the user is authenticated."

Open Standards
The Information Card model is built on open, interoperable communication standards that have been implemented on Windows and other platforms. Case in point, the relying party can be implemented in Ruby on Rails (that's us!). For more information on interoperability, take a look at the Identity Selector Interoperability Profile.

The General Idea
Lost in the Identity Metasystem? Need more information on information cards? No worries! Below is a diagram of a typical scenario to set your mental context - here, we have our star user Molly who would like to login into your rails application with her personal information card. Note that this diagram is ultra simple and by no means correct - luckily for you, we have the good folks at Microsoft to provide us with the proper guidance at cardspace.netfx.com.

Squinting? To view a larger image, click here: The General Idea

User Scenarios
To get started, we have identified stories and tasks. To help you get a feel for what we are working on, some are listed below:

As a user, I would like to:

Design goals

Provide a plugin to provide out-of-the-box information card authentication
Provide documentation as to how to incorporate information cards to your website
Provide a well tested plugin that so that fellow developers using it can sleep at night and stay up late at night contributing to it.
Simplicity. From James Adams on rails plugins, "It was the small mammals who survived when the the dinosaurs died out."
Extract, don't expect it. To achieve this simplicity that James describes, we're not going to start by building a plugin to handle every conceivable cardspace scenario. Instead, we will first spike an application to authenticate personal information cards - we'll learn from it, immerse in it, be at one with the information card and then from there, extract out what makes sense. Afterall, every piece of code just wants to have a purpose.

SSL: The Windows CardSpace Identity Selector requires an SSL channel. To setup a Ruby on Rails website configured over HTTPS, an option is to setup an Apache SSL virtual host which proxies requests to your mongrel server or cluster.
Internet Explorer 7 (or FireFox with Cardspace plugin)
Windows Vista or Windows XP with .NET 3.0 Framework
MySQL: This project will use MySQL as the underlying database.

The cruisecontrol.rb server can be found at: http://cruisecontrol.informationcardruby.com
A live demo of the code basecan be found at: http://www.informationcardruby.com/demo

UPDATED WIKI: Home

joepoon — Mon, 25 Jun 2007 18:25:32 GMT

Project Home Page

For everything Information Card Ruby, visit the http://www.informationcardruby.com

What is Information Card Ruby?
Information Card Ruby aims to provide a rails plugin and supporting library for integrating personal information cards to your Ruby on Rails relying party web application. In the Identity Metasystem, an application that requests and consumes digital identities about an individual is called a relying party. As we develop and learn from this project, Information Card Ruby will generate a developer guideline for integrating information cards to your rails website, much in the spirit of Accepting Information Cards to your ASP.NET site - if we have done the plugin right, this guideline will be short and sweet.

Project Contributors
Information Card Ruby is an open source collaboration project driven by:
Microsoft and ThoughtWorks.


Microsoft is the project sponsor and being CardSpace experts, provides architectural guidance and best practices in the Identity MetaSystem.	ThoughtWorks is actively involved in some of the world's leading Ruby projects and is excited to be driving the development on Information Card Ruby.

What is CardSpace?
In the Identity Metasystem, there are several players including the user, the identity selector and the relying party. This project allows a relying party (your website) to accept and process information cards from a user.

From http://cardspace.netfx3.com/
"Windows CardSpace, formerly codenamed “InfoCard”, is a piece of client software that enables users to provide their digital identity to online services in a simple, secure and trusted way. It is what is known as an identity selector: when a user – or subject – needs to authenticate to a website or a web service, CardSpace pops up a special security-hardened UI with a set of “cards” for the user to choose from. Each card has some identity data associated with it – though this is not actually stored in the card – and has been given to the user by an identity provider such as their bank, employer or government. In fact, the user can also act as an identity provider – this is essentially what we do every time we register at a website. The CardSpace UI enables users to create Personal cards and associate a limited set of identity data. When the user chooses a card, a request in the form of a web service call goes to the relevant provider, and a signed and encrypted security token is returned containing the required information (e.g. credit limit, employer’s name and address, or perhaps a social security number). The user, in control of the flow of information at all times, then decides whether to release this information to the requesting online service. If the user approves then the token is sent on to this relying party where the token is processed and the user is authenticated."

Open Standards
The Information Card model is built on open, interoperable communication standards that have been implemented on Windows and other platforms. Case in point, the relying party can be implemented in Ruby on Rails (that's us!). For more information on interoperability, take a look at the Identity Selector Interoperability Profile.

The General Idea
Lost in the Identity Metasystem? Need more information on information cards? No worries! Below is a diagram of a typical scenario to set your mental context - here, we have our star user Molly who would like to login into your rails application with her personal information card. Note that this diagram is ultra simple and by no means correct - luckily for you, we have the good folks at Microsoft to provide us with the proper guidance at cardspace.netfx.com.

Squinting? To view a larger image, click here: The General Idea

User Scenarios
To get started, we have identified stories and tasks. To help you get a feel for what we are working on, some are listed below:

As a user, I would like to:

Design goals

Provide a plugin to provide out-of-the-box information card authentication
Provide documentation as to how to incorporate information cards to your website
Provide a well tested plugin that so that fellow developers using it can sleep at night and stay up late at night contributing to it.
Simplicity. From James Adams on rails plugins, "It was the small mammals who survived when the the dinosaurs died out."
Extract, don't expect it. To achieve this simplicity that James describes, we're not going to start by building a plugin to handle every conceivable cardspace scenario. Instead, we will first spike an application to authenticate personal information cards - we'll learn from it, immerse in it, be at one with the information card and then from there, extract out what makes sense. Afterall, every piece of code just wants to have a purpose.

SSL: The Windows CardSpace Identity Selector requires an SSL channel. To setup a Ruby on Rails website configured over HTTPS, an option is to setup an Apache SSL virtual host which proxies requests to your mongrel server or cluster. Top this off with a certificate.
Internet Explorer 7 (or FireFox with Cardspace plugin)
Windows Vista or Windows XP with .NET 3.0 Framework
MySQL: This project will use MySQL as the underlying database.

The cruisecontrol.rb server can be found at: <TBD, coming soon!>
A live demo of the code basecan be found at: <TBD, coming soon!>

More importantly, let us know what you like and even more importantly, what you don't like!

Milestones
We don't have a current release yet, but we're working on it. Below are some target dates we're aiming for.
June 16th: information_card_authentication 0.1.0
June 29th: information_card_authentication 0.2.0

Fair enough, but where's the code?
We don't have a release yet, and the code is still early in development. As mentioned in the design goals, we're spiking the extraction of behaviors that we would like to see in a cardspace plugin/library. The code will reside at RubyForge under the project Information Card. If it's looking a little bare at the moment, we appreciate your patience - but rest assured, the best is yet to come!

CodePlex and RubyForge
In bringing together platforms and technologies (it's truly a beautiful thing), there are naturally more choices, including the project home for open source projects - namely CodePlex and RubyForge. The approach that we've taken is to use both. We'll leverage CodePlex's terrific issue tracker and release management to manage the project itself and RubyForge's subversion repository to house the codebase in subversion. We'll try our very best not to duplicate information between the sites and make it intuitive where to find things. We'd love to hear your comments or opinions as to what you would like to see!

Let's get it started!
Now that we have a project home page, a pretty logo and talked the talk, it's probably about time we started to do some work. No better time than the present, so let's make it happen!

UPDATED WIKI: Home

joepoon — Mon, 25 Jun 2007 18:24:54 GMT

Project Home Page

For everything Information Card Ruby, visit the www.informationcardruby.com

What is Information Card Ruby?
Information Card Ruby aims to provide a rails plugin and supporting library for integrating personal information cards to your Ruby on Rails relying party web application. In the Identity Metasystem, an application that requests and consumes digital identities about an individual is called a relying party. As we develop and learn from this project, Information Card Ruby will generate a developer guideline for integrating information cards to your rails website, much in the spirit of Accepting Information Cards to your ASP.NET site - if we have done the plugin right, this guideline will be short and sweet.

Project Contributors
Information Card Ruby is an open source collaboration project driven by:
Microsoft and ThoughtWorks.


Microsoft is the project sponsor and being CardSpace experts, provides architectural guidance and best practices in the Identity MetaSystem.	ThoughtWorks is actively involved in some of the world's leading Ruby projects and is excited to be driving the development on Information Card Ruby.

What is CardSpace?
In the Identity Metasystem, there are several players including the user, the identity selector and the relying party. This project allows a relying party (your website) to accept and process information cards from a user.

From http://cardspace.netfx3.com/
"Windows CardSpace, formerly codenamed “InfoCard”, is a piece of client software that enables users to provide their digital identity to online services in a simple, secure and trusted way. It is what is known as an identity selector: when a user – or subject – needs to authenticate to a website or a web service, CardSpace pops up a special security-hardened UI with a set of “cards” for the user to choose from. Each card has some identity data associated with it – though this is not actually stored in the card – and has been given to the user by an identity provider such as their bank, employer or government. In fact, the user can also act as an identity provider – this is essentially what we do every time we register at a website. The CardSpace UI enables users to create Personal cards and associate a limited set of identity data. When the user chooses a card, a request in the form of a web service call goes to the relevant provider, and a signed and encrypted security token is returned containing the required information (e.g. credit limit, employer’s name and address, or perhaps a social security number). The user, in control of the flow of information at all times, then decides whether to release this information to the requesting online service. If the user approves then the token is sent on to this relying party where the token is processed and the user is authenticated."

Open Standards
The Information Card model is built on open, interoperable communication standards that have been implemented on Windows and other platforms. Case in point, the relying party can be implemented in Ruby on Rails (that's us!). For more information on interoperability, take a look at the Identity Selector Interoperability Profile.

The General Idea
Lost in the Identity Metasystem? Need more information on information cards? No worries! Below is a diagram of a typical scenario to set your mental context - here, we have our star user Molly who would like to login into your rails application with her personal information card. Note that this diagram is ultra simple and by no means correct - luckily for you, we have the good folks at Microsoft to provide us with the proper guidance at cardspace.netfx.com.

Squinting? To view a larger image, click here: The General Idea

User Scenarios
To get started, we have identified stories and tasks. To help you get a feel for what we are working on, some are listed below:

As a user, I would like to:

Design goals

Provide a plugin to provide out-of-the-box information card authentication
Provide documentation as to how to incorporate information cards to your website
Provide a well tested plugin that so that fellow developers using it can sleep at night and stay up late at night contributing to it.
Simplicity. From James Adams on rails plugins, "It was the small mammals who survived when the the dinosaurs died out."
Extract, don't expect it. To achieve this simplicity that James describes, we're not going to start by building a plugin to handle every conceivable cardspace scenario. Instead, we will first spike an application to authenticate personal information cards - we'll learn from it, immerse in it, be at one with the information card and then from there, extract out what makes sense. Afterall, every piece of code just wants to have a purpose.

SSL: The Windows CardSpace Identity Selector requires an SSL channel. To setup a Ruby on Rails website configured over HTTPS, an option is to setup an Apache SSL virtual host which proxies requests to your mongrel server or cluster. Top this off with a certificate.
Internet Explorer 7 (or FireFox with Cardspace plugin)
Windows Vista or Windows XP with .NET 3.0 Framework
MySQL: This project will use MySQL as the underlying database.

The cruisecontrol.rb server can be found at: <TBD, coming soon!>
A live demo of the code basecan be found at: <TBD, coming soon!>

UPDATED WIKI: Open source libraries

joepoon — Wed, 23 May 2007 01:51:58 GMT

Orphaned page.

UPDATED WIKI: Home

joepoon — Tue, 22 May 2007 21:26:39 GMT

What is Information Card Ruby?
Information Card Ruby aims to provide a rails plugin and supporting library for integrating personal information cards to your Ruby on Rails relying party web application. In the Identity Metasystem, an application that requests and consumes digital identities about an individual is called a relying party. As we develop and learn from this project, Information Card Ruby will generate a developer guideline for integrating information cards to your rails website, much in the spirit of Accepting Information Cards to your ASP.NET site - if we have done the plugin right, this guideline will be short and sweet.

Project Contributors
Information Card Ruby is an open source collaboration project driven by:
Microsoft and ThoughtWorks.


Microsoft is the project sponsor and being CardSpace experts, provides architectural guidance and best practices in the Identity MetaSystem.	ThoughtWorks is actively involved in some of the world's leading Ruby projects and is excited to be driving the development on Information Card Ruby.

What is CardSpace?
In the Identity Metasystem, there are several players including the user, the identity selector and the relying party. This project allows a relying party (your website) to accept and process information cards from a user.

From http://cardspace.netfx3.com/
"Windows CardSpace, formerly codenamed “InfoCard”, is a piece of client software that enables users to provide their digital identity to online services in a simple, secure and trusted way. It is what is known as an identity selector: when a user – or subject – needs to authenticate to a website or a web service, CardSpace pops up a special security-hardened UI with a set of “cards” for the user to choose from. Each card has some identity data associated with it – though this is not actually stored in the card – and has been given to the user by an identity provider such as their bank, employer or government. In fact, the user can also act as an identity provider – this is essentially what we do every time we register at a website. The CardSpace UI enables users to create Personal cards and associate a limited set of identity data. When the user chooses a card, a request in the form of a web service call goes to the relevant provider, and a signed and encrypted security token is returned containing the required information (e.g. credit limit, employer’s name and address, or perhaps a social security number). The user, in control of the flow of information at all times, then decides whether to release this information to the requesting online service. If the user approves then the token is sent on to this relying party where the token is processed and the user is authenticated."

Open Standards
The Information Card model is built on open, interoperable communication standards that have been implemented on Windows and other platforms. Case in point, the relying party can be implemented in Ruby on Rails (that's us!). For more information on interoperability, take a look at the Identity Selector Interoperability Profile.

The General Idea
Lost in the Identity Metasystem? Need more information on information cards? No worries! Below is a diagram of a typical scenario to set your mental context - here, we have our star user Molly who would like to login into your rails application with her personal information card. Note that this diagram is ultra simple and by no means correct - luckily for you, we have the good folks at Microsoft to provide us with the proper guidance at cardspace.netfx.com.

Squinting? To view a larger image, click here: The General Idea

User Scenarios
To get started, we have identified stories and tasks. To help you get a feel for what we are working on, some are listed below:

As a user, I would like to:

Design goals

Provide a plugin to provide out-of-the-box information card authentication
Provide documentation as to how to incorporate information cards to your website
Provide a well tested plugin that so that fellow developers using it can sleep at night and stay up late at night contributing to it.
Simplicity. From James Adams on rails plugins, "It was the small mammals who survived when the the dinosaurs died out."
Extract, don't expect it. To achieve this simplicity that James describes, we're not going to start by building a plugin to handle every conceivable cardspace scenario. Instead, we will first spike an application to authenticate personal information cards - we'll learn from it, immerse in it, be at one with the information card and then from there, extract out what makes sense. Afterall, every piece of code just wants to have a purpose.

SSL: The Windows CardSpace Identity Selector requires an SSL channel. To setup a Ruby on Rails website configured over HTTPS, an option is to setup an Apache SSL virtual host which proxies requests to your mongrel server or cluster. Top this off with a certificate.
Internet Explorer 7 (or FireFox with Cardspace plugin)
Windows Vista or Windows XP with .NET 3.0 Framework
MySQL: This project will use MySQL as the underlying database.

The cruisecontrol.rb server can be found at: <TBD, coming soon!>
A live demo of the code basecan be found at: <TBD, coming soon!>

UPDATED WIKI: Home

joepoon — Mon, 21 May 2007 05:00:15 GMT


Microsoft is the project sponsor and being CardSpace experts, provides architectural guidance and best practices in the Identity MetaSystem.	ThoughtWorks is actively involved in some of the world's leading Ruby projects and is excited to be driving the development on Information Card Ruby.

What is CardSpace?
In the Identity Metasystem, there are several players including the user, the identity selector and the relying party. This project allows a relying party (your website) to accept and process information cards from a user.

From http://cardspace.netfx3.com/
"Windows CardSpace, formerly codenamed “InfoCard”, is a piece of client software that enables users to provide their digital identity to online services in a simple, secure and trusted way. It is what is known as an identity selector: when a user – or subject – needs to authenticate to a website or a web service, CardSpace pops up a special security-hardened UI with a set of “cards” for the user to choose from. Each card has some identity data associated with it – though this is not actually stored in the card – and has been given to the user by an identity provider such as their bank, employer or government. In fact, the user can also act as an identity provider – this is essentially what we do every time we register at a website. The CardSpace UI enables users to create Personal cards and associate a limited set of identity data. When the user chooses a card, a request in the form of a web service call goes to the relevant provider, and a signed and encrypted security token is returned containing the required information (e.g. credit limit, employer’s name and address, or perhaps a social security number). The user, in control of the flow of information at all times, then decides whether to release this information to the requesting online service. If the user approves then the token is sent on to this relying party where the token is processed and the user is authenticated."

Open Standards
The Information Card model is built on open, interoperable communication standards that have been implemented on Windows and other platforms. Case in point, the relying party can be implemented in Ruby on Rails (that's us!). For more information on interoperability, take a look at the Identity Selector Interoperability Profile.

The General Idea
Lost in the Identity Metasystem? Need more information on information cards? No worries! Below is a diagram of a typical scenario to set your mental context - here, we have our star user Molly who would like to login into your rails application with her personal information card. Note that this diagram is ultra simple and by no means correct - luckily for you, we have the good folks at Microsoft to provide us with the proper guidance at cardspace.netfx.com.

Squinting? To view a larger image, click here: The General Idea

User Scenarios
To get started, we have identified stories and tasks. To help you get a feel for what we are working on, some are listed below:

As a user, I would like to:

Design goals

Provide a plugin to provide out-of-the-box information card authentication
Provide documentation as to how to incorporate information cards to your website
Provide a well tested plugin that so that fellow developers using it can sleep at night and stay up late at night contributing to it.
Simplicity. From James Adams on rails plugins, "It was the small mammals who survived when the the dinosaurs died out."
Extract, don't expect it. To achieve this simplicity that James describes, we're not going to start by building a plugin to handle every conceivable cardspace scenario. Instead, we will first spike an application to authenticate personal information cards - we'll learn from it, immerse in it, be at one with the information card and then from there, extract out what makes sense. Afterall, every piece of code just wants to have a purpose.

SSL: The Windows CardSpace Identity Selector requires an SSL channel. To setup a Ruby on Rails website configured over HTTPS, an option is to setup an Apache SSL virtual host which proxies requests to your mongrel server or cluster. Top this off with a certificate.
Internet Explorer 7 (or FireFox with Cardspace plugin)
Windows Vista or Windows XP with .NET 3.0 Framework
MySQL: This project will use MySQL as the underlying database.

Also, we're learning from and utilizing some open source libraries. Thank-you for making this world as better place - well, at least ours for sure!

Feedback
We believe in short feedback loops. We want to deploy often and always know the status of our codebase. So, we have a live server which will run the latest codebase and a continuous integration server to tell us who to thank for fixing the build.

The cruisecontrol.rb server can be found at: <TBD, coming soon!>
A live demo of the code basecan be found at: <TBD, coming soon!>

UPDATED WIKI: Home

joepoon — Mon, 21 May 2007 04:57:23 GMT


Microsoft is the project sponsor and being CardSpace experts, provides architectural guidance and best practices in the Identity MetaSystem.	ThoughtWorks is actively involved in some of the world's leading Ruby projects and is excited to be driving the development on Information Card Ruby.

What is CardSpace?
In the Identity Metasystem, there are several players including the user, the identity selector and the relying party. This project allows a relying party (your website) to accept and process information cards from a user.

From http://cardspace.netfx3.com/
"Windows CardSpace, formerly codenamed “InfoCard”, is a piece of client software that enables users to provide their digital identity to online services in a simple, secure and trusted way. It is what is known as an identity selector: when a user – or subject – needs to authenticate to a website or a web service, CardSpace pops up a special security-hardened UI with a set of “cards” for the user to choose from. Each card has some identity data associated with it – though this is not actually stored in the card – and has been given to the user by an identity provider such as their bank, employer or government. In fact, the user can also act as an identity provider – this is essentially what we do every time we register at a website. The CardSpace UI enables users to create Personal cards and associate a limited set of identity data. When the user chooses a card, a request in the form of a web service call goes to the relevant provider, and a signed and encrypted security token is returned containing the required information (e.g. credit limit, employer’s name and address, or perhaps a social security number). The user, in control of the flow of information at all times, then decides whether to release this information to the requesting online service. If the user approves then the token is sent on to this relying party where the token is processed and the user is authenticated."

Open Standards
The Information Card model is built on open, interoperable communication standards that have been implemented on Windows and other platforms. Case in point, the relying party can be implemented in Ruby on Rails (that's us!). For more information on interoperability, take a look at the Identity Selector Interoperability Profile.

The General Idea
Lost in the Identity Metasystem? Need more information on information cards? No worries! Below is a diagram of a typical scenario to set your mental context - here, we have our star user Molly who would like to login into your rails application with her personal information card. Note that this diagram is ultra simple and by no means correct - luckily for you, we have the good folks at Microsoft to provide us with the proper guidance at cardspace.netfx.com.

Squinting? To view a larger image, click here: The General Idea

User Scenarios
To get started, we have identified stories and tasks. To help you get a feel for what we are working on, some are listed below:

As a user, I would like to:

Design goals

Provide a plugin to provide out-of-the-box information card authentication
Provide documentation as to how to incorporate information cards to your website
Provide a well tested plugin that so that fellow developers using it can sleep at night and stay up late at night contributing to it.
Simplicity. From James Adams on rails plugins, "It was the small mammals who survived when the the dinosaurs died out."
Extract, don't expect it. To achieve this simplicity that James describes, we're not going to start by building a plugin to handle every conceivable cardspace scenario. Instead, we will first spike an application to authenticate personal information cards - we'll learn from it, immerse in it, be at one with the information card and then from there, extract out what makes sense. Afterall, every piece of code just wants to have a purpose.

SSL: The Windows CardSpace Identity Selector requires an SSL channel. To setup a Ruby on Rails website configured over HTTPS, an option is to setup an Apache SSL virtual host which proxies requests to your mongrel server or cluster. Top this off with a certificate.
Internet Explorer 7 (or FireFox with Cardspace plugin)
Windows Vista or Windows XP with .NET 3.0 Framework
MySQL: This project will use MySQL as the underlying database.

The cruisecontrol.rb server can be found at: <TBD, coming soon!>
A live demo of the code basecan be found at: <TBD, coming soon!>

More importantly, let us know what you like and even more importantly, what you don't like!

Milestones
We don't have a current release yet, but we're working on it. Below are some target dates we're aiming for.
June 16th: information_card_authentication 0.1.0
June 29th: information_card_authentication 0.2.0

Fair enough, but where's the code?
We don't have a release yet, and the code is still early in development. As mentioned in the design goals, we're spiking the extraction of behaviors that we would like to see in a cardspace plugin/library. The code will reside at RubyForge under the project Information Card. If it's looking a little bare at the moment, we appreciate your patience - but rest assured, the best is yet to come!

CodePlex and RubyForge
In bringing together platforms and technologies (it's truly a beautiful thing), there are naturally more choices, including the project home for open source projects - namely CodePlex and RubyForge. The approach that we've taken is to use both. We'll leverage CodePlex's terrific issue tracker and release management to manage the project itself and RubyForge's subversion repository to house the codebase in subversion. We'll try our very best not to duplicate information between the sites and make it intuitive where to find things. We'd love to hear your comments or opinions as to what you would like to see!

Let's get it started!
Now that we have a project home page, it's probably about time we started to do some work. No better time than the present, let's make it happen!

UPDATED WIKI: Home

joepoon — Mon, 21 May 2007 04:55:08 GMT


Microsoft is the project sponsor and being CardSpace experts, provides architectural guidance and best practices in the Identity MetaSystem.	ThoughtWorks is actively involved in some of the world's leading Ruby projects and is excited to be driving the development on Information Card Ruby.

What is CardSpace?
In the Identity Metasystem, there are several players including the user, the identity selector and the relying party. This project allows a relying party (your website) to accept and process information cards from a user.

From http://cardspace.netfx3.com/
"Windows CardSpace, formerly codenamed “InfoCard”, is a piece of client software that enables users to provide their digital identity to online services in a simple, secure and trusted way. It is what is known as an identity selector: when a user – or subject – needs to authenticate to a website or a web service, CardSpace pops up a special security-hardened UI with a set of “cards” for the user to choose from. Each card has some identity data associated with it – though this is not actually stored in the card – and has been given to the user by an identity provider such as their bank, employer or government. In fact, the user can also act as an identity provider – this is essentially what we do every time we register at a website. The CardSpace UI enables users to create Personal cards and associate a limited set of identity data. When the user chooses a card, a request in the form of a web service call goes to the relevant provider, and a signed and encrypted security token is returned containing the required information (e.g. credit limit, employer’s name and address, or perhaps a social security number). The user, in control of the flow of information at all times, then decides whether to release this information to the requesting online service. If the user approves then the token is sent on to this relying party where the token is processed and the user is authenticated."

Open Standards
The Information Card model is built on open, interoperable communication standards that have been implemented on Windows and other platforms. Case in point, the relying party can be implemented in Ruby on Rails (that's us!). For more information on interoperability, take a look at the Identity Selector Interoperability Profile.

The General Idea
Lost in the Identity Metasystem? Need more information on information cards? No worries! Below is a diagram of a typical scenario to set your mental context - here, we have our star user Molly who would like to login into your rails application with her personal information card. Note that this diagram is ultra simple and by no means correct - luckily for you, we have the good folks at Microsoft to provide us with the proper guidance at cardspace.netfx.com.

Squinting? To view a larger image, click here: The General Idea

User Scenarios
To get started, we have identified stories and tasks. To help you get a feel for what we are working on, some are listed below:

As a user, I would like to:

Design goals

Provide a plugin to provide out-of-the-box information card authentication
Provide documentation as to how to incorporate information cards to your website
Provide a well tested plugin that so that fellow developers using it can sleep at night and stay up late at night contributing to it.
Simplicity. From James Adams on rails plugins, "It was the small mammals who survived when the the dinosaurs died out."
Extract, don't expect it. To achieve this simplicity that James describes, we're not going to start by building a plugin to handle every conceivable cardspace scenario. Instead, we will first spike an application to authenticate personal information cards - we'll learn from it, immerse in it, be at one with the information card and then from there, extract out what makes sense. Afterall, every piece of code just wants to have a purpose.

SSL: The Windows CardSpace Identity Selector requires an SSL channel. To setup a Ruby on Rails website configured over HTTPS, an option is to setup an Apache SSL virtual host which proxies requests to your mongrel server or cluster. Top this off with a certificate.
Internet Explorer 7 (or FireFox with Cardspace plugin)
Windows Vista or Windows XP with .NET 3.0 Framework
MySQL: This project will use MySQL as the underlying database.

The cruisecontrol.rb server can be found at: <TBD, coming soon!>
A live demo of the code basecan be found at: <TBD, coming soon!>

More importantly, let us know what you like and even more importantly, what you don't like!

Milestones
We don't have a current release yet, but we're working on it. Below are some target dates we're aiming for.
June 16th: information_card_authentication 0.1.0
June 29th: information_card_authentication 0.2.0

Fair enough, but where's the code?
We don't have a release yet, and the code is still early in development. As mentioned in the design goals, we're spiking the extraction of behaviors that we would like to see in a cardspace plugin/library. The code will reside at: RubyForge Information Card. If it's looking a little bare at the moment, we appreciate your patience - but rest assured, the best is yet to come!

CodePlex and RubyForge
In bringing together platforms and technologies (it's truly a beautiful thing), there are naturally more choices, including the project home for open source projects - namely CodePlex and RubyForge. The approach that we've taken is to use both. We'll leverage CodePlex's terrific issue tracker and release management to manage the Information Card Ruby and RubyForge's subversion repository to house the codebase in subversion. We'll try our very best not to duplicate information between the sites and make it intuitive where to find things. We'd love to hear your comments or opinions as to what you would like to see!

Let's get it started!
Now that we have a project home page, it's probably about time we started to do some work. No better time than the present, let's make it happen!

UPDATED WIKI: Home

joepoon — Mon, 21 May 2007 04:53:10 GMT


Microsoft is the project sponsor and being CardSpace experts, provides architectural guidance and best practices in the Identity MetaSystem.	ThoughtWorks is actively involved in some of the world's leading Ruby projects and is excited to be driving the development on Information Card Ruby.

What is CardSpace?
In the Identity Metasystem, there are several players including the user, the identity selector and the relying party. This project allows a relying party (your website) to accept and process information cards from a user.

From http://cardspace.netfx3.com/
"Windows CardSpace, formerly codenamed “InfoCard”, is a piece of client software that enables users to provide their digital identity to online services in a simple, secure and trusted way. It is what is known as an identity selector: when a user – or subject – needs to authenticate to a website or a web service, CardSpace pops up a special security-hardened UI with a set of “cards” for the user to choose from. Each card has some identity data associated with it – though this is not actually stored in the card – and has been given to the user by an identity provider such as their bank, employer or government. In fact, the user can also act as an identity provider – this is essentially what we do every time we register at a website. The CardSpace UI enables users to create Personal cards and associate a limited set of identity data. When the user chooses a card, a request in the form of a web service call goes to the relevant provider, and a signed and encrypted security token is returned containing the required information (e.g. credit limit, employer’s name and address, or perhaps a social security number). The user, in control of the flow of information at all times, then decides whether to release this information to the requesting online service. If the user approves then the token is sent on to this relying party where the token is processed and the user is authenticated."

Open Standards
The Information Card model is built on open, interoperable communication standards that have been implemented on Windows and other platforms. Case in point, the relying party can be implemented in Ruby on Rails (that's us!). For more information on interoperability, take a look at the Identity Selector Interoperability Profile.

The General Idea
Lost in the Identity Metasystem? Need more information on information cards? No worries! Below is a diagram of a typical scenario to set your mental context - here, we have our star user Molly who would like to login into your rails application with her personal information card. Note that this diagram is ultra simple and by no means correct - luckily for you, we have the good folks at Microsoft to provide us with the proper guidance at cardspace.netfx.com.

Squinting? To view a larger image, click here: The General Idea

User Scenarios
To get started, we have identified stories and tasks. To help you get a feel for what we are working on, some are listed below:

As a user, I would like to:

Design goals

Provide a plugin to provide out-of-the-box information card authentication
Provide documentation as to how to incorporate information cards to your website
Provide a well tested plugin that so that fellow developers using it can sleep at night and stay up late at night contributing to it.
Simplicity. From James Adams on rails plugins, "It was the small mammals who survived when the the dinosaurs died out."
Extract, don't expect it. To achieve this simplicity that James describes, we're not going to start by building a plugin to handle every conceivable cardspace scenario. Instead, we will first spike an application to authenticate personal information cards - we'll learn from it, immerse in it, be at one with the information card and then from there, extract out what makes sense. Afterall, every piece of code just wants to have a purpose.

SSL: The Windows CardSpace Identity Selector requires an SSL channel. To setup a Ruby on Rails website configured over HTTPS, an option is to setup an Apache SSL virtual host which proxies requests to your mongrel server or cluster. Top this off with a certificate.
Internet Explorer 7 (or FireFox with Cardspace plugin)
Windows Vista or Windows XP with .NET 3.0 Framework
MySQL: This project will use MySQL as the underlying database.

The cruisecontrol.rb server can be found at: <TBD, coming soon!>
A live demo of the code basecan be found at: <TBD, coming soon!>

More importantly, let us know what you like and even more importantly, what you don't like!

Milestones
We don't have a current release yet, but we're working on it. Below are some target dates we're aiming for.
June 16th: information_card_authentication 0.1.0
June 29th: information_card_authentication 0.2.0

Fair enough, but where's the code?
We don't have a release yet, and the code is still early in development. As mentioned in the design goals, we're spiking the extraction of behaviors that we would like to see in a cardspace plugin/library. The code will reside at: RubyForge Information Card.

CodePlex and RubyForge
In bringing together platforms and technologies (it's truly a beautiful thing), there are naturally more choices, including the project home for open source projects - namely CodePlex and RubyForge. The approach that we've taken is to use both. We'll leverage CodePlex's terrific issue tracker and release management to manage the Information Card Ruby and RubyForge's subversion repository to house the codebase in subversion. We'll try our very best not to duplicate information between the sites and make it intuitive where to find things. We'd love to hear your comments or opinions as to what you would like to see!

Let's get it started!
Now that we have a project home page, it's probably about time we started to do some work. No better time than the present, let's make it happen!

UPDATED WIKI: Home

joepoon — Mon, 21 May 2007 01:59:48 GMT


Microsoft is the project sponsor and being CardSpace experts, provides architectural guidance and best practices in the Identity MetaSystem.	ThoughtWorks is actively involved in some of the world's leading Ruby projects and is excited to be driving the development on Information Card Ruby.

What is CardSpace?
In the Identity Metasystem, there are several players including the user, the identity selector and the relying party. This project allows a relying party (your website) to accept and process information cards from a user.

From http://cardspace.netfx3.com/
"Windows CardSpace, formerly codenamed “InfoCard”, is a piece of client software that enables users to provide their digital identity to online services in a simple, secure and trusted way. It is what is known as an identity selector: when a user – or subject – needs to authenticate to a website or a web service, CardSpace pops up a special security-hardened UI with a set of “cards” for the user to choose from. Each card has some identity data associated with it – though this is not actually stored in the card – and has been given to the user by an identity provider such as their bank, employer or government. In fact, the user can also act as an identity provider – this is essentially what we do every time we register at a website. The CardSpace UI enables users to create Personal cards and associate a limited set of identity data. When the user chooses a card, a request in the form of a web service call goes to the relevant provider, and a signed and encrypted security token is returned containing the required information (e.g. credit limit, employer’s name and address, or perhaps a social security number). The user, in control of the flow of information at all times, then decides whether to release this information to the requesting online service. If the user approves then the token is sent on to this relying party where the token is processed and the user is authenticated."

Open Standards
The Information Card model is built on open, interoperable communication standards that have been implemented on Windows and other platforms. Case in point, the relying party can be implemented in Ruby on Rails (that's us!). For more information on interoperability, take a look at the Identity Selector Interoperability Profile.

The General Idea
Lost in the Identity Metasystem? Need more information on information cards? No worries! Below is a diagram of a typical scenario to set your mental context - here, we have our star user Molly who would like to login into your rails application with her personal information card. Note that this diagram is ultra simple and by no means correct - luckily for you, we have the good folks at Microsoft to provide us with the proper guidance at cardspace.netfx.com.

Squinting? To view a larger image, click here: The General Idea

User Scenarios
To get started, we have identified stories and tasks. To help you get a feel for what we are working on, some are listed below:

As a user, I would like to:

Design goals

Provide a plugin to provide out-of-the-box information card authentication
Provide documentation as to how to incorporate information cards to your website
Provide a well tested plugin that so that fellow developers using it can sleep at night and stay up late at night contributing to it.
Simplicity. From James Adams on rails plugins, "It was the small mammals who survived when the the dinosaurs died out."
Extract, don't expect it. To achieve this simplicity that James describes, we're not going to start by building a plugin to handle every conceivable cardspace scenario. Instead, we will first spike an application to authenticate personal information cards - we'll learn from it, immerse in it, be at one with the information card and then from there, extract out what makes sense. Afterall, every piece of code just wants to have a purpose.

SSL: The Windows CardSpace Identity Selector requires an SSL channel. To setup a Ruby on Rails website configured over HTTPS, an option is to setup an Apache SSL virtual host which proxies requests to your mongrel server or cluster. Top this off with a certificate.
Internet Explorer 7 (or FireFox with Cardspace plugin)
Windows Vista or Windows XP with .NET 3.0 Framework
MySQL: This project will use MySQL as the underlying database.

The cruisecontrol.rb server can be found at: <TBD, coming soon!>
A live demo of the code basecan be found at: <TBD, coming soon!>

More importantly, let us know what you like and even more importantly, what you don't like!

Milestones
We don't have a current release yet, but we're working on it. Below are some target dates we're aiming for.
June 16th: information_card_authentication 0.1.0
June 29th: information_card_authentication 0.2.0

Fair enough, but where's the code?
As mentioned, we don't have a release yet, and the code is still early in development. As mentioned in the design goals, we're spiking the extraction of behaviors that we would like to see in a cardspace plugin/library. The code can be found at: RubyForge Information Card.

CodePlex and RubyForge
In bringing together platforms and technologies (it's truly a beautiful thing), there are naturally more choices, including the project home for open source projects - namely CodePlex and RubyForge. The approach that we've taken is to use both. We'll leverage CodePlex's terrific issue tracker and release management to manage the Information Card Ruby and RubyForge's subversion repository to house the codebase in subversion. We'll try our very best not to duplicate information between the sites and make it intuitive where to find things. We'd love to hear your comments or opinions as to what you would like to see!

Let's get it started!
Now that we have a project home page, it's probably about time we started to do some work. No better time than the present, let's make it happen!

UPDATED WIKI: Home

joepoon — Mon, 21 May 2007 01:54:47 GMT

What is Information Card Ruby?
Information Card Ruby aims to provide a rails plugin for integrating personal information cards to your Ruby on Rails relying party web application. In the Identity Metasystem, an application that requests and consumes digital identities about an individual is called a relying party. As we develop and learn from this project, Information Card Ruby will generate a developer guideline for integrating information cards to your rails website, much in the spirit of Accepting Information Cards to your ASP.NET site - if we have done the plugin right, this guideline will be short and sweet.

Project Contributors
Information Card Ruby is an open source collaboration project driven by:
Microsoft and ThoughtWorks.


Microsoft is the project sponsor and being CardSpace experts, provides architectural guidance and best practices in the Identity MetaSystem.	ThoughtWorks is actively involved in some of the world's leading Ruby projects and is excited to be driving the development on Information Card Ruby.

What is CardSpace?
In the Identity Metasystem, there are several players including the user, the identity selector and the relying party. This project allows a relying party (your website) to accept and process information cards from a user.

From http://cardspace.netfx3.com/
"Windows CardSpace, formerly codenamed “InfoCard”, is a piece of client software that enables users to provide their digital identity to online services in a simple, secure and trusted way. It is what is known as an identity selector: when a user – or subject – needs to authenticate to a website or a web service, CardSpace pops up a special security-hardened UI with a set of “cards” for the user to choose from. Each card has some identity data associated with it – though this is not actually stored in the card – and has been given to the user by an identity provider such as their bank, employer or government. In fact, the user can also act as an identity provider – this is essentially what we do every time we register at a website. The CardSpace UI enables users to create Personal cards and associate a limited set of identity data. When the user chooses a card, a request in the form of a web service call goes to the relevant provider, and a signed and encrypted security token is returned containing the required information (e.g. credit limit, employer’s name and address, or perhaps a social security number). The user, in control of the flow of information at all times, then decides whether to release this information to the requesting online service. If the user approves then the token is sent on to this relying party where the token is processed and the user is authenticated."

Open Standards
The Information Card model is built on open, interoperable communication standards that have been implemented on Windows and other platforms. Case in point, the relying party can be implemented in Ruby on Rails (that's us!). For more information on interoperability, take a look at the Identity Selector Interoperability Profile.

The General Idea
Lost in the Identity Metasystem? Need more information on information cards? No worries! Below is a diagram of a typical scenario to set your mental context - here, we have our star user Molly who would like to login into your rails application with her personal information card. Note that this diagram is ultra simple and by no means correct - luckily for you, we have the good folks at Microsoft to provide us with the proper guidance at cardspace.netfx.com.

Squinting? To view a larger image, click here: The General Idea

User Scenarios
To get started, we have identified stories and tasks. To help you get a feel for what we are working on, some are listed below:

As a user, I would like to:

Design goals

Provide a plugin to provide out-of-the-box information card authentication
Provide documentation as to how to incorporate information cards to your website
Provide a well tested plugin that so that fellow developers using it can sleep at night and stay up late at night contributing to it.
Simplicity. From James Adams on rails plugins, "It was the small mammals who survived when the the dinosaurs died out."
Extract, don't expect it. To achieve this simplicity that James describes, we're not going to start by building a plugin to handle every conceivable cardspace scenario. Instead, we will first spike an application to authenticate personal information cards - we'll learn from it, immerse in it, be at one with the information card and then from there, extract out what makes sense. Afterall, every piece of code just wants to have a purpose.

SSL: The Windows CardSpace Identity Selector requires an SSL channel. To setup a Ruby on Rails website configured over HTTPS, an option is to setup an Apache SSL virtual host which proxies requests to your mongrel server or cluster. Top this off with a certificate.
Internet Explorer 7 (or FireFox with Cardspace plugin)
Windows Vista or Windows XP with .NET 3.0 Framework
MySQL: This project will use MySQL as the underlying database.

The cruisecontrol.rb server can be found at: <TBD, coming soon!>
A live demo of the code basecan be found at: <TBD, coming soon!>

More importantly, let us know what you like and even more importantly, what you don't like!

Milestones
We don't have a current release yet, but we're working on it. Below are some target dates we're aiming for.
June 16th: information_card_authentication 0.1.0
June 29th: information_card_authentication 0.2.0

Fair enough, but where's the code?
As mentioned, we don't have a release yet, and the code is still early in development. As mentioned in the design goals, we're spiking the extraction of behaviors that we would like to see in a cardspace plugin/library. The code can be found at: RubyForge Information Card.

CodePlex and RubyForge
In bringing together platforms and technologies (it's truly a beautiful thing), there are naturally more choices, including the project home for open source projects - namely CodePlex and RubyForge. The approach that we've taken is to use both. We'll leverage CodePlex's terrific issue tracker and release management to manage the Information Card Ruby and RubyForge's subversion repository to house the codebase in subversion. We'll try our very best not to duplicate information between the sites and make it intuitive where to find things. We'd love to hear your comments or opinions as to what you would like to see!

Let's get it started!
Now that we have a project home page, it's probably about time we started to do some work. No better time than the present, let's make it happen!

UPDATED WIKI: Home

joepoon — Sun, 20 May 2007 21:43:04 GMT


Microsoft is the project sponsor and being CardSpace experts, provides architectural guidance and best practices in the Identity MetaSystem.	ThoughtWorks is actively involved in some of the world's leading Ruby projects and is excited to be driving the development on Information Card Ruby.

What is CardSpace?
In the Identity Metasystem, there are several players including the user, the identity selector and the relying party. This project allows a relying party (your website) to accept and process information cards from a user.

From http://cardspace.netfx3.com/
"Windows CardSpace, formerly codenamed “InfoCard”, is a piece of client software that enables users to provide their digital identity to online services in a simple, secure and trusted way. It is what is known as an identity selector: when a user – or subject – needs to authenticate to a website or a web service, CardSpace pops up a special security-hardened UI with a set of “cards” for the user to choose from. Each card has some identity data associated with it – though this is not actually stored in the card – and has been given to the user by an identity provider such as their bank, employer or government. In fact, the user can also act as an identity provider – this is essentially what we do every time we register at a website. The CardSpace UI enables users to create Personal cards and associate a limited set of identity data. When the user chooses a card, a request in the form of a web service call goes to the relevant provider, and a signed and encrypted security token is returned containing the required information (e.g. credit limit, employer’s name and address, or perhaps a social security number). The user, in control of the flow of information at all times, then decides whether to release this information to the requesting online service. If the user approves then the token is sent on to this relying party where the token is processed and the user is authenticated."

Open Standards
The Information Card model is built on open, interoperable communication standards that have been implemented on Windows and other platforms. Case in point, the relying party can be implemented in Ruby on Rails (that's us!). For more information on interoperability, take a look at the Identity Selector Interoperability Profile.

The General Idea
Lost in the Identity Metasystem? Need more information on information cards? No worries! Below is a diagram of a typical scenario to set your mental context - here, we have our star user Molly who would like to login into your rails application with her personal information card. Note that this diagram is ultra simple and by no means correct - luckily for you, we have the good folks at Microsoft to provide us with the proper guidance at cardspace.netfx.com.

Squinting? To view a larger image, click here: The General Idea

User Scenarios
To get started, we have identified stories and tasks. To help you get a feel for what we are working on, some are listed below:

As a user, I would like to:

Design goals

Provide a plugin to provide out-of-the-box information card authentication
Provide documentation as to how to incorporate information cards to your website
Provide a well tested plugin that so that fellow developers using it can sleep at night and stay up late at night contributing to it.
Simplicity. From James Adams on rails plugins, "It was the small mammals who survived when the the dinosaurs died out."
Extract, don't expect it. To achieve this simplicity that James describes, we're not going to start by building a plugin to handle every conceivable cardspace scenario. Instead, we will first spike an application to authenticate personal information cards - we'll learn from it, immerse in it, be at one with the information card and then from there, extract out what makes sense. Afterall, every piece of code just wants to have a purpose.

SSL: The Windows CardSpace Identity Selector requires an SSL channel. To setup a Ruby on Rails website configured over HTTPS, an option is to setup an Apache SSL virtual host which proxies requests to your mongrel server or cluster. Top this off with a certificate.
Internet Explorer 7 (or FireFox with Cardspace plugin)
Windows Vista or Windows XP with .NET 3.0 Framework
MySQL: This project will use MySQL as the underlying database.

The cruisecontrol.rb server can be found at: <TBD, coming soon!>
A live demo of the code basecan be found at: <TBD, coming soon!>

More importantly, let us know what you like and even more importantly, what you don't like!

Milestones
We don't have a current release yet, but we're working on it. Below are some target dates we're aiming for.
June 16th: information_card_authentication 0.1.0
June 29th: information_card_authentication 0.2.0

Fair enough, but where's the code?
As mentioned, we don't have a release yet, and the code is still early in development. As mentioned in the design goals, we're spiking the extraction of behaviors that we would like to see in a cardspace plugin/library. The code can be found at: RubyForge Information Card.

CodePlex and RubyForge
In bringing together platforms and technologies (it's truly a beautiful thing), there are naturally more choices, including the project home for open source projects - namely CodePlex and RubyForge. The approach that we've taken is to use both. We'll leverage CodePlex's terrific issue tracker and release management to manage the Information Card Ruby and RubyForge's subversion repository to house the codebase in subversion. We'll try our very best not to duplicate information between the sites and make it intuitive where to find things. We'd love to hear your comments or opinions as to what you would like to see!

Let's get it started!
Now that we have a project home page, it's probably about time we started to do some work. No better time than the present, let's make it happen!

UPDATED WIKI: Home

joepoon — Sun, 20 May 2007 21:39:22 GMT


Microsoft is the project sponsor and being CardSpace experts, provides architectural guidance and best practices in the Identity MetaSystem.	ThoughtWorks is actively involved in some of the world's leading Ruby projects and is excited to be driving the development on Information Card Ruby.

What is CardSpace?
In the Identity Metasystem, there are several players including the user, the identity selector and the relying party. This project allows a relying party (your website) to accept and process information cards from a user.

From http://cardspace.netfx3.com/
"Windows CardSpace, formerly codenamed “InfoCard”, is a piece of client software that enables users to provide their digital identity to online services in a simple, secure and trusted way. It is what is known as an identity selector: when a user – or subject – needs to authenticate to a website or a web service, CardSpace pops up a special security-hardened UI with a set of “cards” for the user to choose from. Each card has some identity data associated with it – though this is not actually stored in the card – and has been given to the user by an identity provider such as their bank, employer or government. In fact, the user can also act as an identity provider – this is essentially what we do every time we register at a website. The CardSpace UI enables users to create Personal cards and associate a limited set of identity data. When the user chooses a card, a request in the form of a web service call goes to the relevant provider, and a signed and encrypted security token is returned containing the required information (e.g. credit limit, employer’s name and address, or perhaps a social security number). The user, in control of the flow of information at all times, then decides whether to release this information to the requesting online service. If the user approves then the token is sent on to this relying party where the token is processed and the user is authenticated."

Open Standards
The Information Card model is built on open, interoperable communication standards that have been implemented on Windows and other platforms. Case in point, the relying party can be implemented in Ruby on Rails (that's us!). For more information on interoperability, take a look at the Identity Selector Interoperability Profile.

The General Idea
Lost in the Identity Metasystem? Need more information on information cards? No worries! Below is a diagram of a typical scenario to set your mental context - here, we have our star user Molly who would like to login into your rails application with her personal information card. Note that this diagram is ultra simple and by no means correct - luckily for you, we have the good folks at Microsoft to provide us with the proper guidance at cardspace.netfx.com.

Squinting? To view a larger image, click here: The General Idea

User Scenarios
To get started, we have identified stories and tasks. To help you get a feel for what we are working on, some are listed below:

As a user, I would like to:

Design goals

Provide a plugin to provide out-of-the-box information card authentication
Provide documentation as to how to incorporate information cards to your website
Provide a well tested plugin that so that fellow developers using it can sleep at night and stay up late at night contributing to it.
Simplicity. From James Adams on rails plugins, "It was the small mammals who survived when the the dinosaurs died out."
Extract, don't expect it. To achieve this simplicity that James describes, we're not going to start by building a plugin to handle every conceivable cardspace scenario. Instead, we will first spike an application to authenticate personal information cards - we'll learn from it, immerse in it, be at one with the information card and then from there, extract out what makes sense. Afterall, every piece of code just wants to have a purpose.

SSL: The Windows CardSpace Identity Selector requires an SSL channel. To setup a Ruby on Rails website configured over HTTPS, an option is to setup an Apache SSL virtual host which proxies requests to your mongrel server or cluster. Top this off with a certificate.
Internet Explorer 7 (or FireFox with Cardspace plugin)
Windows Vista or Windows XP with .NET 3.0 Framework
MySQL: This project will use MySQL as the underlying database.

The cruisecontrol.rb server can be found at: <TBD, coming soon!>
A live demo of the code basecan be found at: <TBD, coming soon!>

More importantly, let us know what you like and even more importantly, what you don't like!

Milestones
We don't have a current release yet, but we're working on it. Below are some target dates we're aiming for.
June 16th: information_card_authentication 0.1.0
June 29th: information_card_authentication 0.2.0

Fair enough, but where's the code?
As mentioned, we don't have a release yet, and the code is still early in development. As mentioned in the design goals, we're spiking the extraction of behaviors that we would like to see in a cardspace plugin/library. The code can be found at: RubyForge Information Card.

CodePlex and RubyForge
In bringing together platforms and technologies (it's truly a beautiful thing), there are naturally more choices, including the project home for open source projects - namely CodePlex and RubyForge. The approach that we've taken is to use both. We'll leverage CodePlex's terrific issue tracker and release management to manage the Information Card Ruby and RubyForge's subversion repository to house the codebase in subversion. We'll try our very best not to duplicate information between the sites and make it intuitive where to find things. We'd love to hear your comments or opinions as to what you would like to see!

Let's get it started!
Now that we have a project home page, it's probably about time we started to do some work. No better time than the present, let's make it happen!

UPDATED WIKI: Home

joepoon — Sun, 20 May 2007 21:37:09 GMT

What is Information Card Ruby?
CardSpace Ruby aims to provide a rails plugin for integrating personal information cards to your Ruby on Rails relying party web application. In the Identity Metasystem, an application that requests and consumes digital identities about an individual is called a relying party. As we develop and learn from this project, Information Card Ruby will generate a developer guideline for integrating information cards to your rails website, much in the spirit of Accepting Information Cards to your ASP.NET site - if we have done the plugin right, this guideline will be short and sweet.

Project Contributors
Information Card Ruby is an open source collaboration project driven by:
Microsoft and ThoughtWorks.


Microsoft is the project sponsor and being CardSpace experts, provides architectural guidance and best practices in the Identity MetaSystem.	ThoughtWorks is actively involved in some of the world's leading Ruby projects and is excited to be driving the development on Information Card Ruby.

What is CardSpace?
In the Identity Metasystem, there are several players including the user, the identity selector and the relying party. This project allows a relying party (your website) to accept and process information cards from a user.

From http://cardspace.netfx3.com/
"Windows CardSpace, formerly codenamed “InfoCard”, is a piece of client software that enables users to provide their digital identity to online services in a simple, secure and trusted way. It is what is known as an identity selector: when a user – or subject – needs to authenticate to a website or a web service, CardSpace pops up a special security-hardened UI with a set of “cards” for the user to choose from. Each card has some identity data associated with it – though this is not actually stored in the card – and has been given to the user by an identity provider such as their bank, employer or government. In fact, the user can also act as an identity provider – this is essentially what we do every time we register at a website. The CardSpace UI enables users to create Personal cards and associate a limited set of identity data. When the user chooses a card, a request in the form of a web service call goes to the relevant provider, and a signed and encrypted security token is returned containing the required information (e.g. credit limit, employer’s name and address, or perhaps a social security number). The user, in control of the flow of information at all times, then decides whether to release this information to the requesting online service. If the user approves then the token is sent on to this relying party where the token is processed and the user is authenticated."

Open Standards
The Information Card model is built on open, interoperable communication standards that have been implemented on Windows and other platforms. Case in point, the relying party can be implemented in Ruby on Rails (that's us!). For more information on interoperability, take a look at the Identity Selector Interoperability Profile.

The General Idea
Lost in the Identity Metasystem? Need more information on information cards? No worries! Below is a diagram of a typical scenario to set your mental context - here, we have our star user Molly who would like to login into your rails application with her personal information card. Note that this diagram is ultra simple and by no means correct - luckily for you, we have the good folks at Microsoft to provide us with the proper guidance at cardspace.netfx.com.

Squinting? To view a larger image, click here: The General Idea

User Scenarios
To get started, we have identified stories and tasks. To help you get a feel for what we are working on, some are listed below:

As a user, I would like to:

Design goals

Provide a plugin to provide out-of-the-box information card authentication
Provide documentation as to how to incorporate information cards to your website
Provide a well tested plugin that so that fellow developers using it can sleep at night and stay up late at night contributing to it.
Simplicity. From James Adams on rails plugins, "It was the small mammals who survived when the the dinosaurs died out."
Extract, don't expect it. To achieve this simplicity that James describes, we're not going to start by building a plugin to handle every conceivable cardspace scenario. Instead, we will first spike an application to authenticate personal information cards - we'll learn from it, immerse in it, be at one with the information card and then from there, extract out what makes sense. Afterall, every piece of code just wants to have a purpose.

SSL: The Windows CardSpace Identity Selector requires an SSL channel. To setup a Ruby on Rails website configured over HTTPS, an option is to setup an Apache SSL virtual host which proxies requests to your mongrel server or cluster. Top this off with a certificate.
Internet Explorer 7 (or FireFox with Cardspace plugin)
Windows Vista or Windows XP with .NET 3.0 Framework
MySQL: This project will use MySQL as the underlying database.

The cruisecontrol.rb server can be found at: <TBD, coming soon!>
A live demo of the code basecan be found at: <TBD, coming soon!>

More importantly, let us know what you like and even more importantly, what you don't like!

Milestones
We don't have a current release yet, but we're working on it. Below are some target dates we're aiming for.
June 16th: information_card_authentication 0.1.0
June 29th: information_card_authentication 0.2.0

Fair enough, but where's the code?
As mentioned, we don't have a release yet, and the code is still early in development. As mentioned in the design goals, we're spiking the extraction of behaviors that we would like to see in a cardspace plugin/library. The code can be found at: RubyForge Information Card.

CodePlex and RubyForge
In bringing together platforms and technologies (it's truly a beautiful thing), there are naturally more choices, including the project home for open source projects - namely CodePlex and RubyForge. The approach that we've taken is to use both. We'll leverage CodePlex's terrific issue tracker and release management to manage the Information Card Ruby and RubyForge's subversion repository to house the codebase in subversion. We'll try our very best not to duplicate information between the sites and make it intuitive where to find things. We'd love to hear your comments or opinions as to what you would like to see!

Let's get it started!
Now that we have a project home page, it's probably about time we started to do some work. No better time than the present, let's make it happen!

UPDATED WIKI: Home

joepoon — Sat, 19 May 2007 17:44:20 GMT


Microsoft is the project sponsor and being CardSpace experts, provides architectural guidance and best practices in the Identity MetaSystem.	ThoughtWorks is actively involved in some of the world's leading Ruby projects and is excited to be driving the development on Information Card Ruby.

What is CardSpace?
In the Identity Metasystem, there are several players including the user, the identity selector and the relying party. This project allows a relying party (your website) to accept and process information cards from a user.

From http://cardspace.netfx3.com/
"Windows CardSpace, formerly codenamed “InfoCard”, is a piece of client software that enables users to provide their digital identity to online services in a simple, secure and trusted way. It is what is known as an identity selector: when a user – or subject – needs to authenticate to a website or a web service, CardSpace pops up a special security-hardened UI with a set of “cards” for the user to choose from. Each card has some identity data associated with it – though this is not actually stored in the card – and has been given to the user by an identity provider such as their bank, employer or government. In fact, the user can also act as an identity provider – this is essentially what we do every time we register at a website. The CardSpace UI enables users to create Personal cards and associate a limited set of identity data. When the user chooses a card, a request in the form of a web service call goes to the relevant provider, and a signed and encrypted security token is returned containing the required information (e.g. credit limit, employer’s name and address, or perhaps a social security number). The user, in control of the flow of information at all times, then decides whether to release this information to the requesting online service. If the user approves then the token is sent on to this relying party where the token is processed and the user is authenticated."

Open Standards
The Information Card model is built on open, interoperable communication standards that have been implemented on Windows and other platforms. Case in point, the relying party can be implemented in Ruby on Rails (that's us!). For more information on interoperability, take a look at the Identity Selector Interoperability Profile.

The General Idea
Lost in the Identity Metasystem? Need more information on information cards? No worries! Below is a diagram of a typical scenario to set your mental context - here, we have our star user Molly who would like to login into your rails application with her personal information card. Note that this diagram is ultra simple and by no means correct - luckily for you, we have the good folks at Microsoft to provide us with the proper guidance at cardspace.netfx.com.

Squinting? To view a larger image, click here: The General Idea

User Scenarios
To get started, we have identified stories and tasks. To help you get a feel for what we are working on, some are listed below:

As a user, I would like to:

Design goals

Provide a plugin to provide out-of-the-box information card authentication
Provide documentation as to how to incorporate information cards to your website
Provide a well tested plugin that so that fellow developers using it can sleep at night and stay up late at night contributing to it.
Simplicity. From James Adams on rails plugins, "It was the small mammals who survived when the the dinosaurs died out."
Extract, don't expect it. To achieve this simplicity that James describes, we're not going to start by building a plugin to handle every conceivable cardspace scenario. Instead, we will first spike an application to authenticate personal information cards - we'll learn from it, immerse in it, be at one with the information card and then from there, extract out what makes sense. Afterall, every piece of code just wants to have a purpose.

SSL: The Windows CardSpace Identity Selector requires an SSL channel. To setup a Ruby on Rails website configured over HTTPS, an option is to setup an Apache SSL virtual host which proxies requests to your mongrel server or cluster. Top this off with a certificate.
Internet Explorer 7 (or FireFox with Cardspace plugin)
Windows Vista or Windows XP with .NET 3.0 Framework
MySQL: This project will use MySQL as the underlying database.

The cruisecontrol.rb server can be found at: <TBD, coming soon!>
A live demo of the code basecan be found at: <TBD, coming soon!>

More importantly, let us know what you like and even more importantly, what you don't like!

Milestones
We don't have a current release yet, but we're working on it. Below are some target dates we're aiming for.
June 16th: information_card_authentication 0.1.0
June 29th: information_card_authentication 0.2.0

Fair enough, but where's the code?
As mentioned, we don't have a release yet, and the code is still early in development. As mentioned in the design goals, we're spiking the extraction of behaviors that we would like to see in a cardspace plugin/library. The code can be found at: RubyForge Information Card.

CodePlex and RubyForge
In bringing together platforms and technologies (it's truly a beautiful thing), there are naturally more choices, including the project home for open source projects - namely CodePlex and RubyForge. The approach that we've taken is to use both. We'll leverage CodePlex's terrific issue tracker and release management to manage the Information Card Ruby and RubyForge's subversion repository to house the codebase in subversion. We'll try our very best not to duplicate information between the sites and make it intuitive where to find things. We'd love to hear your comments or opinions as to what you would like to see!

Let's get it started!
Now that we have a project home page, it's probably about time we started to do some work. No better time than the present, let's make it happen!