Password Card

Revision as of 16:35, 3 March 2009 by Unnamed Poltroon (Talk)


As it says on the home page:

  • A long term goal is that [the Higgins] client offer what might be called "universal login." This is the ability to log you in to almost any website or app (called a Relying Party (RP)) using a variety of methods including I-Card, OpenID and username/password.

This page focuses on the username/password subgoal mentioned above.

The Basic Idea

The basic idea is to enhance the Higgins client so that it can log in to websites that use username/password authentication. It would store the site-specific username/password (un/pw) data as claims on information cards and leverage the selector's UI to manage these cards. With this enhancement the Higgins client would replace the browser's built-in password manager and offer several advantages:

  • All login-related information (whether un/pw or other kinds of personal and managed i-cards) would be managed in one place under a single user metaphor: the i-card
  • Since the selector's card stores are external to the browser, a person with multiple browsers will have access to all of their passwords in all of them
  • With a synchronizing selector, the user's passwords are distributed and synchronized across multiple computers and devices
  • Security: since few users turn on the optional "master password" protection in their browsers, most users' password data can easily be stolen by malicious browser plugins. With Password Cards the user's data is managed external to the browser and, with some Higgins selectors, protected by a "master password" that we believe will be used more often than the browser's master password mechanism.

Requirements

a) Support these Password Card Use Cases

b) Adhere to these constraints:

  1. No extra UI on the browser chrome (e.g. a toolbar)
    • Note: Roboform, Google Toolbar require you to click a button on a toolbar
  2. Automatically highlights fields that it can fill (like Google Toolbar, Sxipper)
    • Browsers do not natively do this
  3. Pure superset of the browser's built-in functionality

Open Issues

What triggers the fill? Alternatives:

  1. the user must click in the username (or password??) field to trigger the fill
  2. automatic - native password managers fill automatically
