
Member "dacs-1.4.46/man/dacs_infocard.8" (8 Jun 2021, 19487 Bytes) of package /linux/www/dacs-1.4.46.txz:



    1 .\" Copyright (c) 2003-2021
    2 .\" Distributed Systems Software.  All rights reserved.
    3 .\" See the file LICENSE for redistribution information.
    4 .\" $Id: copyright-nr 3149 2021-01-14 21:54:54Z brachman $
    5 .\"     Title: dacs_infocard
    6 .\"    Author: [see the "AUTHOR" section]
    7 .\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
    8 .\"      Date: 06/08/2021
    9 .\"    Manual: DACS Web Services Manual
   10 .\"    Source: DACS 1.4.46
   11 .\"  Language: English
   12 .\"
   13 .TH "DACS_INFOCARD" "8" "06/08/2021" "DACS 1.4.46" "DACS Web Services Manual"
   14 .\" -----------------------------------------------------------------
   15 .\" * (re)Define some macros
   16 .\" -----------------------------------------------------------------
   17 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   18 .\" toupper - uppercase a string (locale-aware)
   19 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   20 .de toupper
   21 .tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
   22 \\$*
   23 .tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
   24 ..
   25 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   26 .\" SH-xref - format a cross-reference to an SH section
   27 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   28 .de SH-xref
   29 .ie n \{\
   30 .\}
   31 .toupper \\$*
   32 .el \{\
   33 \\$*
   34 .\}
   35 ..
   36 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   37 .\" SH - level-one heading that works better for non-TTY output
   38 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   39 .de1 SH
   40 .\" put an extra blank line of space above the head in non-TTY output
   41 .if t \{\
   42 .sp 1
   43 .\}
   44 .sp \\n[PD]u
   45 .nr an-level 1
   46 .set-an-margin
   47 .nr an-prevailing-indent \\n[IN]
   48 .fi
   49 .in \\n[an-margin]u
   50 .ti 0
   51 .HTML-TAG ".NH \\n[an-level]"
   52 .it 1 an-trap
   53 .nr an-no-space-flag 1
   54 .nr an-break-flag 1
   55 \." make the size of the head bigger
   56 .ps +3
   57 .ft B
   58 .ne (2v + 1u)
   59 .ie n \{\
   60 .\" if n (TTY output), use uppercase
   61 .toupper \\$*
   62 .\}
   63 .el \{\
   64 .nr an-break-flag 0
   65 .\" if not n (not TTY), use normal case (not uppercase)
   66 \\$1
   67 .in \\n[an-margin]u
   68 .ti 0
   69 .\" if not n (not TTY), put a border/line under subheading
   70 .sp -.6
   71 \l'\n(.lu'
   72 .\}
   73 ..
   74 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   75 .\" SS - level-two heading that works better for non-TTY output
   76 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   77 .de1 SS
   78 .sp \\n[PD]u
   79 .nr an-level 1
   80 .set-an-margin
   81 .nr an-prevailing-indent \\n[IN]
   82 .fi
   83 .in \\n[IN]u
   84 .ti \\n[SN]u
   85 .it 1 an-trap
   86 .nr an-no-space-flag 1
   87 .nr an-break-flag 1
   88 .ps \\n[PS-SS]u
   89 \." make the size of the head bigger
   90 .ps +2
   91 .ft B
   92 .ne (2v + 1u)
   93 .if \\n[.$] \&\\$*
   94 ..
   95 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   96 .\" BB/BE - put background/screen (filled box) around block of text
   97 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   98 .de BB
   99 .if t \{\
  100 .sp -.5
  101 .br
  102 .in +2n
  103 .ll -2n
  104 .gcolor red
  105 .di BX
  106 .\}
  107 ..
  108 .de EB
  109 .if t \{\
  110 .if "\\$2"adjust-for-leading-newline" \{\
  111 .sp -1
  112 .\}
  113 .br
  114 .di
  115 .in
  116 .ll
  117 .gcolor
  118 .nr BW \\n(.lu-\\n(.i
  119 .nr BH \\n(dn+.5v
  120 .ne \\n(BHu+.5v
  121 .ie "\\$2"adjust-for-leading-newline" \{\
  122 \M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
  123 .\}
  124 .el \{\
  125 \M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
  126 .\}
  127 .in 0
  128 .sp -.5v
  129 .nf
  130 .BX
  131 .in
  132 .sp .5v
  133 .fi
  134 .\}
  135 ..
  136 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  137 .\" BM/EM - put colored marker in margin next to block of text
  138 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  139 .de BM
  140 .if t \{\
  141 .br
  142 .ll -2n
  143 .gcolor red
  144 .di BX
  145 .\}
  146 ..
  147 .de EM
  148 .if t \{\
  149 .br
  150 .di
  151 .ll
  152 .gcolor
  153 .nr BH \\n(dn
  154 .ne \\n(BHu
  155 \M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
  156 .in 0
  157 .nf
  158 .BX
  159 .in
  160 .fi
  161 .\}
  162 ..
  163 .\" -----------------------------------------------------------------
  164 .\" * set default formatting
  165 .\" -----------------------------------------------------------------
  166 .\" disable hyphenation
  167 .nh
  168 .\" disable justification (adjust text to left margin only)
  169 .ad l
  170 .\" -----------------------------------------------------------------
  171 .\" * MAIN CONTENT STARTS HERE *
  172 .\" -----------------------------------------------------------------
  173 .SH "Name"
  174 dacs_infocard \- Information Card administration
  175 .SH "Synopsis"
  176 .fam C
  177 .HP \w'\fBdacs_infocard\fR\ 'u
  178 \fBdacs_infocard\fR [\fI\m[blue]\fBdacsoptions\fR\m[]\&\s-2\u[1]\d\s+2\fR]
  179 .fam
  180 .SH "DESCRIPTION"
  181 .PP
  182 This program is part of the
  183 \fBDACS\fR
  184 suite\&.
  185 .PP
  186 The
  187 \fBdacs_infocard\fR
  188 web service is used:
  189 .sp
  190 .RS 4
  191 .ie n \{\
  192 \h'-04'\(bu\h'+03'\c
  193 .\}
  194 .el \{\
  195 .sp -1
  196 .IP \(bu 2.3
  197 .\}
  198 to perform a variety of administrative InfoCard functions;
  199 .RE
  200 .sp
  201 .RS 4
  202 .ie n \{\
  203 \h'-04'\(bu\h'+03'\c
  204 .\}
  205 .el \{\
  206 .sp -1
  207 .IP \(bu 2.3
  208 .\}
  209 as a Relying Party to register a self\-issued InfoCard, creating an account that can be used for authentication\&. InfoCard\-based authentication is performed by
  210 \m[blue]\fBlocal_infocard_authenticate\fR\m[]\&\s-2\u[2]\d\s+2, a
  211 \fBDACS\fR
  212 authentication module\&. These accounts are used only by
  213 \fBlocal_infocard_authenticate\fR
  214 and are completely separate from any other accounts\&.
  215 .RE
  216 .sp
  217 .RS 4
  218 .ie n \{\
  219 \h'-04'\(bu\h'+03'\c
  220 .\}
  221 .el \{\
  222 .sp -1
  223 .IP \(bu 2.3
  224 .\}
  225 to act on behalf of a Relying Party to validate and extract claim values from a secure token created from either a self\-issued or managed InfoCard\&.
  226 .RE
  227 .sp
  228 .RE
  229 .if n \{\
  230 .sp
  231 .\}
  232 .RS 4
  233 .BM yellow
  234 .it 1 an-trap
  235 .nr an-no-space-flag 1
  236 .nr an-break-flag 1
  237 .br
  238 .ps +1
  239 \fBNotes\fR
  240 .ps -1
  241 .br
  242 .PP
  243 
  244 .sp
  245 .RS 4
  246 .ie n \{\
  247 \h'-04'\(bu\h'+03'\c
  248 .\}
  249 .el \{\
  250 .sp -1
  251 .IP \(bu 2.3
  252 .\}
  253 Many Identity Selectors can create a self\-issued InfoCard, but you must use
  254 \m[blue]\fBdacs_managed_infocard(8)\fR\m[]\&\s-2\u[3]\d\s+2
  255 to create a managed InfoCard\&.
  256 .RE
  257 .sp
  258 .RS 4
  259 .ie n \{\
  260 \h'-04'\(bu\h'+03'\c
  261 .\}
  262 .el \{\
  263 .sp -1
  264 .IP \(bu 2.3
  265 .\}
  266 If a Relying Party checks that the security token that it receives satisfies the validity window condition expressed by the token, as it typically will, then the system clocks at the IP/STS (e\&.g\&.,
  267 \m[blue]\fBdacs_sts(8)\fR\m[]\&\s-2\u[4]\d\s+2) and Relying Party must be adequately synchronized; see
  268 \m[blue]\fBINFOCARD_TOKEN_DRIFT_SECS\fR\m[]\&\s-2\u[5]\d\s+2\&.
  269 .RE
  270 .sp
  271 .RS 4
  272 .ie n \{\
  273 \h'-04'\(bu\h'+03'\c
  274 .\}
  275 .el \{\
  276 .sp -1
  277 .IP \(bu 2.3
  278 .\}
  279 Owing to the InfoCard system architecture, a Relying Party need not have network connectivity to a user\'s IP/STS (e\&.g\&.,
  280 \m[blue]\fBdacs_sts(8)\fR\m[]\&\s-2\u[4]\d\s+2), although the user\'s browser must\&. This means, for example, that if a user (or his organization) operates his own IP/STS, it can be located on the same side of a firewall as the user\'s browser, which may improve the level of security of the IP/STS and any sensitive information it may store and access\&.
  281 .RE
  282 .sp
  283 .RS 4
  284 .ie n \{\
  285 \h'-04'\(bu\h'+03'\c
  286 .\}
  287 .el \{\
  288 .sp -1
  289 .IP \(bu 2.3
  290 .\}
  291 Much of the functionality of this program is also available as a
  292 \fBDACS\fR
  293 utility,
  294 \m[blue]\fBdacsinfocard(1)\fR\m[]\&\s-2\u[6]\d\s+2, which operates on the same account files\&.
  295 .RE
  296 .sp
  297 .RE
  298 .sp .5v
  299 .EM yellow
  300 .RE
  301 .PP
  302 Accounts are accessed through
  303 \fBDACS\'s\fR
  304 virtual filestore using item type
  305 \FCinfocards\F[]\&.
  306 .if n \{\
  307 .sp
  308 .\}
  309 .RS 4
  310 .BM yellow
  311 .it 1 an-trap
  312 .nr an-no-space-flag 1
  313 .nr an-break-flag 1
  314 .br
  315 .ps +1
  316 \fBNote\fR
  317 .ps -1
  318 .br
  319 .PP
  320 The official nomenclature for claims can be confusing\&. In an attempt at consistency and simplification, the
  321 \fBDACS\fR
  322 documentation tries to adhere to the following definitions (with the stated compile\-time limits):
  323 .PP
  324 Claim
  325 .RS 4
  326 A pair comprising an attribute name (the
  327 Claim type) and an attribute value (the
  328 Claim value)\&. The attribute value is optional\&. The number of claims is limited to
  329 \fB10\fR
  330 static claims and
  331 \fB20\fR
  332 dynamic claims\&.
  333 .RE
  334 .PP
  335 Claim type
  336 .RS 4
  337 A unique
  338 \m[blue]\fBURI\fR\m[]\&\s-2\u[7]\d\s+2
  339 that consists of a
  340 Claim URI prefix
  341 followed by a
  342 Claim name\&. This can be thought of as an attribute name\&.
  343 \fBDACS\fR
  344 does not allow the URI to include a query or fragment component\&. A claim type is never dereferenced; it is merely a label\&. Only characters that are valid in a URI are allowed; therefore any invalid characters must be properly encoded\&. Claim types are case sensitive, despite the fact that they are URIs (two claim types that differ only in letter case are distinct)\&. There is a compile\-time length limit:
  345 \fB128\fR
  346 characters for the URI prefix and
  347 \fB32\fR
  348 characters for the claim name\&.
  349 .RE
  350 .PP
  351 Claim URI prefix
  352 .RS 4
  353 This URI identifies a namespace in which the
  354 Claim name
  355 lives (it may not include a query or fragment component)\&. Two
  356 \m[blue]\fB claim types\fR\m[]\&\s-2\u[8]\d\s+2
  357 with different URI prefixes but the same claim name are distinct\&. The InfoCard specification uses the namespace
  358 \FChttp://schemas\&.xmlsoap\&.org/ws/2005/05/identity/claims\F[]
  359 for self\-issued claims\&.
  360 \fBDACS\fR
  361 uses the namespace
  362 \FChttp://dacs\&.dss\&.ca/claims\F[]
  363 for its claims\&. These namespaces should be treated as "reserved"\&. User\-defined claims should live in other namespaces, preferably ones over which the user has some authority\&.
  364 .RE
  365 .PP
  366 Claim URI prefix abbreviation
  367 .RS 4
  368 To avoid the tedious and error\-prone task of having to repeatedly enter long
  369 Claim URI prefix
  370 strings, in designated contexts
  371 \fBDACS\fR
  372 recognizes (but never requires) an abbreviation\&. Two case\-sensitive abbreviations are defined: "\FCstandard\F[]" (equivalent to
  373 \FChttp://schemas\&.xmlsoap\&.org/ws/2005/05/identity/claims\F[]) and "\FCdacs\F[]" (equivalent to
  374 \FChttp://dacs\&.dss\&.ca/claims\F[])\&.
  375 .RE
  376 .PP
  377 Claim name
  378 .RS 4
  379 This is a URI path component\&. When appended to a
  380 Claim URI prefix
  381 (or paired with a
  382 Claim URI prefix abbreviation), it forms a
  383 Claim type\&. Only characters that are valid in a URI path component are allowed\&. It is limited to
  384 \fB32\fR
  385 characters\&.
  386 .RE
  387 .PP
  388 Claim value
  389 .RS 4
  390 This can be thought of as an attribute value\&. Technically, this is defined as an
  391 \m[blue]\fBxs:string\fR\m[]\&\s-2\u[9]\d\s+2, which is a sequence of
  392 \m[blue]\fBXML characters\fR\m[]\&\s-2\u[10]\d\s+2\&. Claim values are limited to
  393 \fB64\fR
  394 characters\&.
  395 .RE
  396 .sp .5v
  397 .EM yellow
  398 .RE
  399 .SH "OPTIONS"
  400 .SS "Web Service Arguments"
  401 .PP
  402 In addition to the
  403 \m[blue]\fBstandard CGI arguments\fR\m[]\&\s-2\u[11]\d\s+2,
  404 \fBdacs_infocard\fR
  405 understands the following CGI arguments:
  406 .PP
  407 .PP
  408 \fIOPERATION\fR
  409 .RS 4
  410 The following operations are supported:
  411 .sp
  412 .RS 4
  413 .ie n \{\
  414 \h'-04'\(bu\h'+03'\c
  415 .\}
  416 .el \{\
  417 .sp -1
  418 .IP \(bu 2.3
  419 .\}
  420 \fIDELETE\fR
  421 .sp
  422 Delete the account associated with
  423 \fIUSERNAME\fR\&. This effectively revokes the InfoCard; a self\-issued InfoCard may be re\-registered, but a managed InfoCard becomes unusable\&.
  424 .if n \{\
  425 .sp
  426 .\}
  427 .RS 4
  428 .BM yellow
  429 .it 1 an-trap
  430 .nr an-no-space-flag 1
  431 .nr an-break-flag 1
  432 .br
  433 .ps +1
  434 \fBNote\fR
  435 .ps -1
  436 .br
  437 The quickest way to delete
  438 \fIall\fR
  439 accounts is to delete the contents of the
  440 \FCinfocards\F[]
  441 item type; e\&.g\&., if
  442 \FCinfocards\F[]
  443 points to a file, remove the file or copy
  444 \FC/dev/null\F[]
  445 to it\&.
  446 .sp .5v
  447 .EM yellow
  448 .RE
  449 .RE
  450 .sp
  451 .RS 4
  452 .ie n \{\
  453 \h'-04'\(bu\h'+03'\c
  454 .\}
  455 .el \{\
  456 .sp -1
  457 .IP \(bu 2.3
  458 .\}
  459 \fIDISABLE\fR
  460 .sp
  461 Disable the account associated with
  462 \fIUSERNAME\fR\&. InfoCard\-based authentication on this account will fail; this revokes the InfoCard, but in a reversible way\&. The request is successful if the account is already disabled\&.
  463 .RE
  464 .sp
  465 .RS 4
  466 .ie n \{\
  467 \h'-04'\(bu\h'+03'\c
  468 .\}
  469 .el \{\
  470 .sp -1
  471 .IP \(bu 2.3
  472 .\}
  473 \fIENABLE\fR
  474 .sp
  475 Enable the existing account associated with
  476 \fIUSERNAME\fR\&. InfoCard\-based authentication on this account will be possible\&. The request is successful if the account is already enabled\&.
  477 .RE
  478 .sp
  479 .RS 4
  480 .ie n \{\
  481 \h'-04'\(bu\h'+03'\c
  482 .\}
  483 .el \{\
  484 .sp -1
  485 .IP \(bu 2.3
  486 .\}
  487 \fILIST\fR
  488 .sp
  489 List all accounts\&.
  490 .RE
  491 .sp
  492 .RS 4
  493 .ie n \{\
  494 \h'-04'\(bu\h'+03'\c
  495 .\}
  496 .el \{\
  497 .sp -1
  498 .IP \(bu 2.3
  499 .\}
  500 \fIREGISTER\fR
  501 .sp
  502 Register or re\-register the submitted InfoCard\&. Exactly one set of credentials must accompany the request, and if registration is successful, the submitted InfoCard becomes associated with that identity\&.
  503 .RE
  504 .sp
  505 .RS 4
  506 .ie n \{\
  507 \h'-04'\(bu\h'+03'\c
  508 .\}
  509 .el \{\
  510 .sp -1
  511 .IP \(bu 2.3
  512 .\}
  513 \fITOKEN_ATTRVALS\fR
  514 .sp
  515 If the submitted token is valid, display each claim (attribute) value associated with the
  516 \fIATTRLIST\fR
  517 argument, which consists of zero or more claim names separated by a space\&. If
  518 \fIATTRLIST\fR
  519 is absent or the empty string, all claims in the token are displayed (note that this is not necessarily all of the claims associated with the InfoCard)\&. If a requested claim is not found, the request for that claim is ignored (i\&.e\&., it is not an error), so a caller that depends on a claim must check that it appears in the output\&. The
  520 \FCprivatepersonalidentifier\F[]
  521 claim is displayed in the friendly identifier syntax rather than as a base\-64 encoded string\&. The InfoCard (self\-issued or managed) does not need to be registered at the jurisdiction\&.
  522 .sp
  523 Three syntaxes are recognized for a claim name\&. The first is the bare name of a "predefined" claim, i\&.e\&., one that is available in any valid token:
  524 \FCissuer\F[],
  525 \FCconfirm_method\F[],
  526 \FCppid\F[]
  527 (or
  528 \FCprivatepersonalidentifier\F[]),
  529 \FCexponent\F[]
  530 (self\-issued only), and
  531 \FCmodulus\F[]
  532 (self\-issued only)\&. The second syntax is the full claim URI (e\&.g\&.,
  533 \FChttp://schemas\&.xmlsoap\&.org/ws/2005/05/identity/claims/webpage\F[])\&. The third syntax uses the
  534 \fBDACS\fR
  535 shorthand: the word "\FCstandard\F[]" or "\FCdacs\F[]", a colon, and the claim name (e\&.g\&.,
  536 \FCstandard:webpage\F[])\&. The token is searched for each claim in the
  537 \fIATTRLIST\fR, other than the predefined ones\&.
  538 .if n \{\
  539 .sp
  540 .\}
  541 .RS 4
  542 .BM yellow
  543 .it 1 an-trap
  544 .nr an-no-space-flag 1
  545 .nr an-break-flag 1
  546 .br
  547 .ps +1
  548 \fBNote\fR
  549 .ps -1
  550 .br
  551 Only the full URI syntax can be used to identify claims in an HTML
  552 \FCOBJECT\F[]\'s
  553 \fIrequiredClaims\fR
  554 and
  555 \fIoptionalClaims\fR
  556 \FCparam\F[]
  557 tags\&.
  558 .sp .5v
  559 .EM yellow
  560 .RE
  561 .RE
  562 .sp
  563 .RS 4
  564 .ie n \{\
  565 \h'-04'\(bu\h'+03'\c
  566 .\}
  567 .el \{\
  568 .sp -1
  569 .IP \(bu 2.3
  570 .\}
  571 \fITOKEN_VALIDATE\fR
  572 .sp
  573 Parse the submitted token and test whether it is valid\&.
  574 .RE
  575 .RS 4
  576 .RE
  577 .PP
  578 \fIxmlToken\fR
  579 .br
  580 \fIAUXILIARY\fR
  581 .RS 4
  582 This is the submitted InfoCard\&. It is required for the
  583 \fITOKEN_VALIDATE\fR,
  584 \fITOKEN_ATTRVALS\fR, and
  585 \fIREGISTER\fR
  586 operations\&. The
  587 \fIAUXILIARY\fR
  588 parameter name may only be used for this purpose if the
  589 \fIxmlToken\fR
  590 parameter name is not also used\&.
  591 .RE
  592 .PP
  593 \fIFORMAT\fR
  594 .RS 4
  595 By default, output is emitted in HTML\&. Several varieties of XML output can be selected, however, using the
  596 \fIFORMAT\fR
  597 argument (please refer to
  598 \m[blue]\fBdacs(1)\fR\m[]\&\s-2\u[12]\d\s+2
  599 and
  600 \m[blue]\fBdacs_passwd\&.dtd\fR\m[]\&\s-2\u[13]\d\s+2)\&. A
  601 \fIFORMAT\fR
  602 of
  603 \FCplain\F[]
  604 may be useful for programs that need to extract claim values; claims are listed one per line with the claim type, followed by an "\FC=\F[]", followed by the claim value\&.
  605 .RE
  606 .PP
  607 \fIUSERNAME\fR
  608 .RS 4
  609 For some operations, the name of the account to act on\&.
  610 .RE
  611 .PP
  612 For the
  613 \fIDELETE\fR,
  614 \fIDISABLE\fR, and
  615 \fIENABLE\fR
  616 operations, the request must be submitted by the account\'s owner or the
  617 \fBDACS\fR
  618 administrator\&.
  619 .PP
  620 Here is an example of a form that might be used to register a self\-issued InfoCard:
  621 .sp
  622 .if n \{\
  623 .RS 4
  624 .\}
  625 .fam C
  626 .ps -1
  627 .nf
  628 .if t \{\
  629 .sp -1
  630 .\}
  631 .BB lightgray adjust-for-leading-newline
  632 .sp -1
  633 
  634 <form name="reg_form" id="reg_form" method="post" action="/cgi\-bin/dacs/dacs_infocard">
  635 <table>
  636 <tr>
  637 <td>
  638  <img src="/infocards/ic_image\&.jpg" onClick="reg_form\&.submit()"/>
  639 <object type="application/x\-informationCard" name="xmlToken">
  640  <param name="tokenType" value="urn:oasis:names:tc:SAML:1\&.0:assertion">
  641  <param name="issuer" value="http://schemas\&.xmlsoap\&.org/ws/2005/05/identity/issuer/self">
  642  <param name="requiredClaims"
  643   value="http://schemas\&.xmlsoap\&.org/ws/2005/05/identity/claims/privatepersonalidentifier">
  644  <param name="privacyUrl" value="https://example\&.com/infocards/privacy_statement\&.txt">
  645  <param Name="privacyVersion" value="3">
  646 </object>
  647 </td>
  648 </tr>
  649 <tr>
  650 <td align="center">
  651  <input type="submit" name="infocard_register" value="Register" id="infocard_register" />
  652 </td>
  653 <td>
  654 </td>
  655 </table>
  656 <input type="hidden" name="OPERATION" value="REGISTER">
  657 </form>
  658 
  659 .EB lightgray adjust-for-leading-newline
  660 .if t \{\
  661 .sp 1
  662 .\}
  663 .fi
  664 .fam
  665 .ps +1
  666 .if n \{\
  667 .RE
  668 .\}
  669 .sp
  670 .SH "FILES"
  671 .PP
  672 \m[blue]\fBdacs_infocard\&.css\fR\m[]\&\s-2\u[14]\d\s+2
  673 .SH "DIAGNOSTICS"
  674 .PP
  675 The program exits
  676 \FC0\F[]
  677 if everything was fine,
  678 \FC1\F[]
  679 if an error occurred\&.
  680 .SH "BUGS"
  681 .PP
  682 The compile\-time limits are fairly arbitrary and only exist to thwart abuse\&. It should probably be possible to specify them at run\-time instead\&.
  683 .PP
  684 XML output is not available yet\&.
  685 .PP
  686 Registration of a self\-issued InfoCard uses the card\'s
  687 PPID
  688 (Private Personal Identifier), which differs for a given InfoCard for different Relying Parties\&. The specification does not precisely define how two Relying Party endpoints are compared for equality, but if an identity selector decides that a jurisdiction\'s endpoint has changed (e\&.g\&., its domain name has been reconfigured), all self\-issued InfoCards previously registered at the jurisdiction will become unusable until they are re\-registered\&.
  689 .PP
  690 This functionality should be integrated with
  691 \m[blue]\fBdacs_admin(8)\fR\m[]\&\s-2\u[15]\d\s+2\&.
  692 .SH "SEE ALSO"
  693 .PP
  694 \m[blue]\fBdacsinfocard(1)\fR\m[]\&\s-2\u[6]\d\s+2,
  695 \m[blue]\fBdacs\&.conf(5)\fR\m[]\&\s-2\u[16]\d\s+2,
  696 \m[blue]\fBdacs_authenticate(8)\fR\m[]\&\s-2\u[17]\d\s+2,
  697 \m[blue]\fBdacs_managed_infocard(8)\fR\m[]\&\s-2\u[3]\d\s+2,
  698 \m[blue]\fBUsing InfoCards With DACS\fR\m[]\&\s-2\u[18]\d\s+2
  699 .SH "AUTHOR"
  700 .PP
  701 Distributed Systems Software (\m[blue]\fBwww\&.dss\&.ca\fR\m[]\&\s-2\u[19]\d\s+2)
  702 .SH "COPYING"
  703 .PP
  704 Copyright \(co 2003\-2018 Distributed Systems Software\&. See the
  705 \m[blue]\fB\FCLICENSE\F[]\fR\m[]\&\s-2\u[20]\d\s+2
  706 file that accompanies the distribution for licensing information\&.
  707 .SH "Notes"
  708 .IP " 1." 4
  709 dacsoptions
  710 .RS 4
  711 \%http://dacs.dss.ca/man/dacs.1.html#dacsoptions
  712 .RE
  713 .IP " 2." 4
  714 local_infocard_authenticate
  715 .RS 4
  716 \%http://dacs.dss.ca/man/dacs_authenticate.8.html#local_infocard_authenticate
  717 .RE
  718 .IP " 3." 4
  719 dacs_managed_infocard(8)
  720 .RS 4
  721 \%http://dacs.dss.ca/man/dacs_managed_infocard.8.html
  722 .RE
  723 .IP " 4." 4
  724 dacs_sts(8)
  725 .RS 4
  726 \%http://dacs.dss.ca/man/dacs_sts.8.html
  727 .RE
  728 .IP " 5." 4
  729 INFOCARD_TOKEN_DRIFT_SECS
  730 .RS 4
  731 \%http://dacs.dss.ca/man/dacs.conf.5.html#INFOCARD_TOKEN_DRIFT_SECS
  732 .RE
  733 .IP " 6." 4
  734 dacsinfocard(1)
  735 .RS 4
  736 \%http://dacs.dss.ca/man/dacsinfocard.1.html
  737 .RE
  738 .IP " 7." 4
  739 URI
  740 .RS 4
  741 \%https://www.rfc-editor.org/rfc/rfc3986.txt
  742 .RE
  743 .IP " 8." 4
  744 claim types
  745 .RS 4
  746 \%http://dacs.dss.ca/man/#claim_types
  747 .RE
  748 .IP " 9." 4
  749 xs:string
  750 .RS 4
  751 \%https://www.w3.org/TR/2004/REC-xmlschema-2-20041028/datatypes.html#string
  752 .RE
  753 .IP "10." 4
  754 XML characters
  755 .RS 4
  756 \%https://www.w3.org/TR/2000/WD-xml-2e-20000814#NT-Char
  757 .RE
  758 .IP "11." 4
  759 standard CGI arguments
  760 .RS 4
  761 \%http://dacs.dss.ca/man/dacs.services.8.html#standard_cgi_args
  762 .RE
  763 .IP "12." 4
  764 dacs(1)
  765 .RS 4
  766 \%http://dacs.dss.ca/man/dacs.1.html
  767 .RE
  768 .IP "13." 4
  769 dacs_passwd.dtd
  770 .RS 4
  771 \%http://dacs.dss.ca/man/../dtd-xsd/dacs_passwd.dtd
  772 .RE
  773 .IP "14." 4
  774 dacs_infocard.css
  775 .RS 4
  776 \%http://dacs.dss.ca/man//css/dacs_infocard.css
  777 .RE
  778 .IP "15." 4
  779 dacs_admin(8)
  780 .RS 4
  781 \%http://dacs.dss.ca/man/dacs_admin.8.html
  782 .RE
  783 .IP "16." 4
  784 dacs.conf(5)
  785 .RS 4
  786 \%http://dacs.dss.ca/man/dacs.conf.5.html
  787 .RE
  788 .IP "17." 4
  789 dacs_authenticate(8)
  790 .RS 4
  791 \%http://dacs.dss.ca/man/dacs_authenticate.8.html
  792 .RE
  793 .IP "18." 4
  794 Using InfoCards With DACS
  795 .RS 4
  796 \%http://dacs.dss.ca/man/using-infocards-with-dacs.html
  797 .RE
  798 .IP "19." 4
  799 www.dss.ca
  800 .RS 4
  801 \%https://www.dss.ca
  802 .RE
  803 .IP "20." 4
  804 \FCLICENSE\F[]
  805 .RS 4
  806 \%http://dacs.dss.ca/man/../misc/LICENSE
  807 .RE