Thursday, January 29, 2009

Infocard Transaction (Becoming?) Possible on iPhone

I think this is a big step forward for identity federation on the iPhone, mainly because it's the merging of two subjects I find rather interesting. I'm not a big Objective-C developer, but reading MobileOrchard's post on protocol handlers within the iPhone SDK gave my brain a kick-start this morning.

Imagine this: As described in previous posts, you encounter a page with an infocard:// link as the login button. That kicks off an iPhone InfoCard selector application, which retrieves the WS-Mex data from the RP page and then interacts with the chosen IDP using WS-Trust to retrieve a token. The retrieved token would ideally then be POSTed to the RP within Safari, but apparently Safari won't deliver app-formed POST data yet. So the last piece of the puzzle would be to either URL-encode the token (yuck), or do some kind of artifact retrieval (equally bad if not worse).

No comments: