Friday, February 29, 2008
Pat, Ben, and Kim have been talking about using password tokens with Windows CardSpace. Pat's detailed description of how this could work is quite useful, and can be extended in some interesting ways:

1. Create a single-use password deployment

If we change the default WS-Sec username/password token to include not only the username and the password needed to log in, but also a second password, newly generated by the IdP, that replaces the old one at the RP, we would get a single-use password. This might be quite useful for improving the security of the system.

For the rest of this article, I will call such a token "Extended Username/Password token" (EUPT).

2. Creating an account at the RP

One of the issues Kim raises is that, to bootstrap into a CardSpace password manager setup, the user would be required to enter the initial password into a web form. I agree that this *is* bad, but an extended username/password token could help here, too:
When the user does not yet have an account at the RP, he will need to log in at a special URL. That URL accepts cards that support EUPTs. When the user creates the account, the RP will accept an EUPT with *any* values. These initial values (username AND password) are randomly generated at the IdP. Upon receipt of the EUPT, the RP stores the username and the initial password and associates them with the newly created account.
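
The RP-side handling that sections 1 and 2 describe, as an added example rather than code from this post or from CardSpace. The `EUPT` field names, the PBKDF2 storage and the one-enrollment-per-username rule are assumptions, since the post does not define a token format:

```python
import hashlib, hmac, secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class EUPT:
    # Hypothetical field layout; the post does not define a wire format.
    username: str
    password: str       # credential the RP currently holds
    next_password: str  # IdP-generated replacement for the next login

def _digest(password: str, salt: bytes) -> bytes:
    # The RP keeps a salted PBKDF2 digest, not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class RelyingParty:
    def __init__(self):
        self._accounts = {}  # username -> (salt, digest)

    def _store(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._accounts[username] = (salt, _digest(password, salt))

    def enroll(self, token: EUPT) -> bool:
        # Sign-up URL: any IdP-generated values are accepted, once per username.
        if token.username in self._accounts:
            return False
        self._store(token.username, token.password)
        return True

    def login(self, token: EUPT) -> bool:
        record = self._accounts.get(token.username)
        if record is None:
            return False
        salt, stored = record
        if not hmac.compare_digest(stored, _digest(token.password, salt)):
            return False
        # Success: the presented password is now spent; install the new one.
        self._store(token.username, token.next_password)
        return True

def demo() -> list:
    # Constructed sample values standing in for what the IdP would generate.
    rp, user = RelyingParty(), secrets.token_hex(8)
    p0, p1, p2 = (secrets.token_urlsafe(24) for _ in range(3))
    first = EUPT(user, p0, p1)
    return [rp.enroll(EUPT(user, p0, p0)),  # account creation -> True
            rp.login(first),                # valid token -> True, rotates to p1
            rp.login(first),                # replayed token -> False
            rp.login(EUPT(user, p1, p2))]   # next token -> True
```

The rotation only stays in sync if the IdP learns that the login succeeded; a response lost after the RP has rotated leaves the two sides holding different passwords, which this sketch does not handle.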

--

Time permitting, I will work with Pat to get this done, at least on the IdP side.


Friday, February 29, 2008 12:31:30 PM (Eastern Standard Time, UTC-05:00)
Tuesday, February 19, 2008
I had a SunBlade 1000 (UltraSPARC III based) system available, so I started on a Friday afternoon project of getting Ubuntu installed on this box. Here is what I did to get a running system, including a Gnome desktop:

1. Get the Gutsy ISO image from http://ubuntu.com/ and burn it. You must select the UltraSPARC version, which is - unfortunately - only available for Ubuntu server (more about this below).

2. Run the installer from the CD. This should be fairly straightforward, but it is different if you are only used to the desktop edition of Ubuntu. For starters, there is no Live CD with X windows functionality included.

3. You should have a running Ubuntu server system by now. To get the windowing environment, you need to log in and install the entire desktop:
    user@host:~> sudo apt-get install ubuntu-desktop
This should work for the Kubuntu, Xubuntu, etc. desktops as well. Good luck trying.

4. During the install, you will likely be prompted to configure Xorg. If this fails for any reason, you can reconfigure X with
    user@host:~> sudo dpkg-reconfigure xserver-xorg
or even
    user@host:~> sudo Xorg -configure

5. By now you should be able to start a naked Xorg server, e.g. by running
    user@host:~> Xorg & sleep 15 ; killall Xorg
This command will kill the X server after 15 seconds, in case the keyboard mapping does not support <Ctrl> <Alt> F1 console switching (try it out).

6. My system has an Elite3D graphics board (sunffb), and even though Xorg would start just fine by itself, when starting X through gdm, the X server would die after a split second. To overcome this, I added an option to the gdm.conf file:
Locate the command=/usr/bin/X line in the [server] section of gdm.conf. You need to add the following option at the end of this line:
    +XINERAMA
Apparently, gdm probes for Xinerama support, and the Xorg server for the sunffb will die when being probed without enabling this.

7. After rebooting, the login screen should appear now.


Tuesday, February 19, 2008 2:42:02 PM (Eastern Standard Time, UTC-05:00)

Copyright by Gerald Beuchelt.