Compliant Implementation of Native User Agent
Full Name and Status
This is a description of User Agent code running as a Native App on the most common user devices.
This is still a work in progress. Do not expect full functional code at this time.
Context
- This example was originally created as a cross platform app in Microsoft Xamarin Forms with implementation projects for Windows (UWP) and Android. An Apple iOS project was also enabled for later completion, using Visual Studio 2019 and .NET Standard 2.0.
- More about Native User Agents can be found on that wiki page.
Problem
We need a Native User Agent that can handle Authentication requests on any mobile platform. The goal is to enable Authentication requests from any source with minimal transfers of User Information.
Solution
Access to the Example
Currently a working draft of the Native Agent example code is available in source code at https://github.com/tomcjones/agent
Currently a working draft of the Controls example web site is available at Controls for Emergency Contacts example code. Click on start and sign-in to see the "Personal" sign-in option which can be used to create an Authentication request to this Agent, which needs to be installed on your Windows or Android platform first.
Working Notes
Building the Example from GitHub
Note that the core 1.1 version is on Bitbucket. It will be retired after the new version on GitHub with core 2.2 is fully functional.
Building a Xamarin Forms solution from scratch
The following instructions are one way to create cross platform (UWP, Android, iOS) Native Apps in Xamarin Forms.
- From Visual Studio add new project with: C#, MVC razor pages, Change Identifier to Individual.
- Take control of the user information by overriding the IdentityUser with a local name, here we use the name UserObject to align with terminology in this wiki.
- It is common to include UserGroup as well as UserObject in the definition if the admin or other types of user will be included in the same database.
- Scaffold Identity in ASP.NET Core 2 projects.
- For this example choose the instructions labeled "Scaffold identity into a Razor project without existing authorization".
- In the project right-click select add -> scaffold -> Identity and override all files, type in layout cshtml name, DB name and UserObject
- If you have your own definition of the user before scaffolding, you might wind up with two definitions; delete one.
- Make a choice about enabling two-factor authentication. If enabled, put .AddDefaultTokenProviders() in Startup and add email and/or phone providers.
- For ASP.NET Core 2.2 the razor page format includes the view model and controller in the code behind file, not in a separate controller file.
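As an added illustration of the steps above (not code from this page or from the agent repository), this is what the overridden user type, the Identity DbContext and the Startup registration look like in an ASP.NET Core 2.2 Razor Pages project. The extra UserObject attributes, the UserGroup role type, the AddAgentIdentity helper and the SQLite provider are assumptions.

```csharp
using System;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.DependencyInjection;

// Local override of IdentityUser, named UserObject to align with the wiki's terminology.
// Keep the added attributes minimal: every extra column is more User Information to protect.
public class UserObject : IdentityUser
{
    public string DisplayName { get; set; }          // assumed attribute
    public DateTime? ConsentRecordedAt { get; set; } // assumed attribute
}

// Role type, so admins and other kinds of user can share the same database.
public class UserGroup : IdentityRole { }

// EF Core context keyed on the overridden types; the scaffolder expects this class name.
public class ApplicationDbContext : IdentityDbContext<UserObject, UserGroup, string>
{
    public ApplicationDbContext(DbContextOptions<ApplicationDbContext> options) : base(options) { }
}

public static class IdentityRegistration
{
    // Call from Startup.ConfigureServices: services.AddAgentIdentity(Configuration.GetConnectionString("Default"));
    public static void AddAgentIdentity(this IServiceCollection services, string connectionString)
    {
        // Assumes the Microsoft.EntityFrameworkCore.Sqlite package; swap for UseSqlServer if preferred.
        services.AddDbContext<ApplicationDbContext>(o => o.UseSqlite(connectionString));

        services.AddIdentity<UserObject, UserGroup>(options =>
            {
                options.SignIn.RequireConfirmedEmail = true;     // verified email backs Recovery and Notification
                options.Lockout.MaxFailedAccessAttempts = 5;     // slow down online guessing
                options.Password.RequiredLength = 12;
            })
            .AddEntityFrameworkStores<ApplicationDbContext>()
            // Needed for two-factor, email-confirmation and password-reset tokens.
            .AddDefaultTokenProviders();
    }
}
```

Because the page's Razor Pages put the view model and controller in the code-behind file, the scaffolded Identity pages will reference UserObject directly (for example UserManager<UserObject>); delete any duplicate user definition the scaffolder generated, as the step above notes.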
Next steps
Set up goals and start to build examples and best practices for all of the roles in an ID ecosystem.
- Now that the IDEF has established a self assessment, work on enabling the ID ecosystem needs to enable relying parties and other entities to comply.
- Promote a Trustmark with UX collateral, images of various sizes for web sites.
Questions and Answers for Designers and Developers
Will need to build for best practices:
- Privacy policy (PP)
- Terms of use (ToU)
- Are there specific ToU and PP provisions that demonstrate how the IDEAL RP might deal with User Private Information in their policies?
UX Questions Specific to the RP example code
- Demo verification of email (or cell phone) address - will be needed to support Recovery and Notification.
- What are the canonical terms for identification?
- logon logout register resign
- login logoff create remove
- signin signout signup signoff
- User roles - how to model - note that one user can have multiple roles
- Join email list (no role)
- Registered as a member (has applied)
- Accepted as a member (partially manual)
- Suspended Member
- member of an organization
- voting member of an organization
- Officers of the site
- Site Admin
Other issues to look at:
- Some method for creating a strong web site identity, e.g. EV Certs or the new proposal taking shape at Google Chrome.
- Recording devices that are under the control of the user together with the device capabilities for data capture and display
- While all content on this page is covered by the IPR rules, it should be clear that the content on pages linked from this site may have different ownership rights asserted.
Cross Platform Issues
- Dependency Injection With Xamarin Forms is necessary as we cannot access Android, iOS or UWP specific platform code directly from a common project. In order to do so, we need to abstract the implementation through an interface.
- Dependency resolution in Xamarin.Forms includes dependency services.
- Xamarin.Forms DependencyService
- Xamarin.Auth wiki has examples of authentication in a native app.
- Cryptography in .NET
- Elliptic Curve Cryptography in Xamarin
Android Specific Issues
- Navigate from an Android Activity to a Xamarin Forms ContentPage
- use of android keystore
- Verifying hardware-backed key pairs with Key Attestation
- Hardware-backed Keystore version 9 - N and later
- Getting a Result from an Activity
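An added example (not code from this page, the agent repository or Xamarin itself) of the interface-based dependency injection described under Cross Platform Issues, combined with the Android keystore items above: common code depends only on an interface, and the Android project supplies an implementation that generates a hardware-backed key pair and carries the relying party's attestation challenge so the certificate chain can be verified with Key Attestation. The IDeviceKeyStore interface, the AndroidDeviceKeyStore class and the alias/challenge handling are assumptions; the two parts would normally live in the shared and Android projects respectively.

```csharp
using Android.Security.Keystore;
using Java.Security;
using Xamarin.Forms;

// Android project: registers the platform implementation with Xamarin.Forms.
[assembly: Dependency(typeof(AndroidDeviceKeyStore))]

// Shared (.NET Standard) project: the only thing common code knows about.
public interface IDeviceKeyStore
{
    // Creates a signing key that never leaves the device and returns the DER-encoded
    // certificate chain that a verifier checks with Android Key Attestation.
    byte[][] CreateAttestedKey(string alias, byte[] attestationChallenge);
}

// Common code resolves the implementation at run time through DependencyService.
public static class AgentKeys
{
    public static byte[][] Enroll(string alias, byte[] challengeFromRelyingParty) =>
        DependencyService.Get<IDeviceKeyStore>().CreateAttestedKey(alias, challengeFromRelyingParty);
}

public class AndroidDeviceKeyStore : IDeviceKeyStore
{
    const string Provider = "AndroidKeyStore";

    public byte[][] CreateAttestedKey(string alias, byte[] attestationChallenge)
    {
        var generator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmEc, Provider);
        var spec = new KeyGenParameterSpec.Builder(alias, KeyStorePurpose.Sign | KeyStorePurpose.Verify)
            .SetDigests(KeyProperties.DigestSha256)
            .SetUserAuthenticationRequired(true)            // device unlock required before each signature
            .SetAttestationChallenge(attestationChallenge)  // binds the chain to this request (API 24+)
            .Build();
        generator.Initialize(spec);
        generator.GenerateKeyPair();                        // private key material stays in the keystore

        var store = KeyStore.GetInstance(Provider);
        store.Load(null);
        var chain = store.GetCertificateChain(alias);       // leaf carries the attestation extension
        var encoded = new byte[chain.Length][];
        for (int i = 0; i < chain.Length; i++)
            encoded[i] = chain[i].GetEncoded();
        return encoded;                                     // send to the verifier; validate server-side
    }
}
```

The verifier, not the app, decides whether the chain roots in a Google attestation root and whether the challenge and security level in the leaf certificate's extension match what it expects; on devices without hardware-backed keys the attestation reports a software security level rather than failing.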
Apple iOS Specific Issues
Windows Specific Issues
- Various ways to deploy the app to Windows.
- How to launch the agent for results.
- Authentication App on Github