Compliant Implementation of Native User Agent
From MgmtWiki
Contents
Full Name and Status
This is a description of User Agent code running as a Native App on the most common user devices.
This is still a work in progress. Do not expect full functional code at this time.
Context
This example was originally created in Microsoft Xamarin Forms.
Problem
We need a Native User Agent that can handle Authentication requests on any mobile platform.
Solution
Access to the Example
Currently a working draft of the Relying Party example web site is available ...
Working Notes
Building the Example from GitHub
Note that the core 1.1 version is on Bitbucket. It will be retired after the new version on GitHub with core 2.2 is fully functional.
Building an Xanarin Forms solution from scratch
- From Visual Studio add new project with: C#, MVC razor pages, Change Identifier to Individual.
- Take control of the user information by overriding the IdentityUser with a local name, here we use the name UserObject to align with terminology in this wiki.
- It is common to include UserGroup as well as UserObject in the definition if the admin or other types of user will be included in the same database.
- Scaffold Identity in ASP.NET Core 2 projects.
- for this example choose the instructions labled "Scaffold identity into a Razor project without existing authorization"
- In the project right-click select add -> scaffold -> Identity and override all files, type in layout cshtml name, DB name and UserObject
- If you have your own definition of the user before scaffolding, you might wind up with two definitions; delete one.
- Make a choice about enabling Two factor authentication. If enabled put .AddDefaultTokenProivders() in startup and add email and/or phone providers.
- For ASP.NET Core 2.2 the razor page format includes the view model and controller in the code behind file, not in a separate controller file.
Next steps
Set up goals and start to build examples and best practices for all of the roles in an ID ecosystem.
- Now that the IDEF has established a self assessment, work on enabling the ID ecosystem needs enable relying parties and other entities to comply.
- Promote a Trustmark with UX collateral, images of various sizes for web sites.
Questions and Answers for Designers and Developers
Will need to build for best practices:
- Privacy policy (PP)
- Terms of use (ToU)
- Are there specific ToU and PP provisions that demonstrate how the IDEAL RP might deal with User Private Information in their policies.
UX Questions Specific to the RP example code
- Demo verification of email (or cell phone) address - will be needed to support Recovery and Notification.
- What are the canonical terms for identification?
- logon logout register resign
- login logoff create remove
- signin signout signup signoff
- User roles - how to model - note that one user can have multiple roles
- Join email list (no role)
- Registered as a member (has applied)
- Accepted as a member (partially manual)
- Suspended Member
- member of an organization
- voting member of an organization
- Officers of the site
- Site Admin
Other issues to look at:
- Some method for creating a strong web site identity, e.g. EV Certs or the new proposal taking shape at Google Chrome.
- Recording devices that are under the control of the user together with the device capabilities for data capture and display
- While all content on this page is covered by the IPR rules, it should be clear that the content on pages linked from this site may have different ownership rights asserted.
Cross Platform Issues
- Dependency Injection With Xamarin Forms is necessary as we cannot access Android, iOS or UWP specific platform code directly from a common project. In order to do so, we need to abstract the implementation through an interface.
