
The IdMMUser agent is responsible for the interaction with the user. The agent can prompt the user to enter his or her credentials, display messages and errors, and listen for requests from the user. This section covers the rules for the basic functionalities of the IdMMUser agent⁸. As with the IdMMClient and IdMMCore agents, the IdMMUser agent makes use of an abstract interface to interact with the user.

As shown in Figure 4.45, the universe UserGUI describes the interface used to interact with the user. The function listenForEvent is used to listen for an event from the user. The function returns an EventGUI consisting of the type of the event (as described in Figure 4.14 on page 71) and the URI entered by the user. The function displayMessage is used to display a message to the user. The function takes as parameters a string message, the type of the message and a list of extra information about the message. There are three types of messages that can be displayed: messages notifying the user of a successful authentication/de-authentication, error messages and generic information messages. The function inputFromUser is used to ask the user for input. The function takes as parameters a message, a list of extra inputs to be displayed (e.g. a list of services) and the type that the function should return. Finally, the function userLocation is used to provide the user’s location (e.g. IP address, browser user agent string, etc.).

8 The rest of the rules will be described when the IdMMProtocol and IdMMMonitoring agents are specified.

enum MessageType={Accept, Info, Error}

universe EventGUI

function eventGUIType: EventGUI -> RequestType

function eventGUIURI: EventGUI -> STRING

universe UserGUI

abstract function listenForEvent: UserGUI -> RequestType

abstract function displayMessage: UserGUI * STRING * MessageType * LIST -> BOOLEAN

abstract function inputFromUser: UserGUI * STRING * LIST * ELEMENT -> ELEMENT

abstract function userLocation: UserGUI -> STRING

function gui: Agents -> UserGUI

Figure 4.45: ASM Fragment for the User Interface

4.5.1 Managing User Events

Figure 4.46 describes the mechanism for managing events. The rule EventListen is used for listening for an event. When the function listenForEvent returns an event, the state is set based on the type of the event triggered by the user. For example, a request for authentication sets the state to EventAuth, where an AgentRequest is sent to the IdMMCore agent and added to the process queue. A de-authentication request is sent to the IdMMCore agent via the EventDeAuth rule, as shown in Figure 4.47. The termination of the IdMM is done when a shut down request is sent to the IdMMCore agent via the EventQuit rule.

rule EventListen=

| local ev in

| seq

| ev:=listenForEvent(gui(self))

| case eventGUIType(ev) of

| | Authentication: EventAuth(ev)

| | Deauthentication: EventDeAuth(ev)

| | ShutDown: EventQuit(ev)

| | AddIdentity: EventAddIdentity(ev)

| | EditIdentity: EventEditIdentity(ev)

| | DisableIdentity: EventDisableIdentity(ev)

| | RemoveIdentity: EventRemoveIdentity(ev)

| | AddService: EventAddService(ev)

| | RemoveService: EventRemoveService(ev)

| endcase

| endseq

Figure 4.46: ASM Rule for Listening for an Event

rule EventAuth(event)=

| extend AgentRequest with r do

| seq

| agentRequestType(r):=Authentication

| agentRequestURI(r):=eventGUIURI(event)

| SendMessage(IdMMCore, undef, r, AddToQueue)

| endseq

rule EventDeAuth(event)=

| extend AgentRequest with r do

| seq

| agentRequestType(r):=Deauthentication

| agentRequestURI(r):=eventGUIURI(event)

| SendMessage(IdMMCore, undef, r, AddToQueue)

| endseq

rule EventQuit(event)=

| extend AgentRequest with r do

| seq

| agentRequestType(r):=ShutDown

| SendMessage(IdMMCore, undef, r, AddToQueue)

| endseq

Figure 4.47: ASM Rules for Managing Events

4.5.2 Input from the User

Figure 4.48 shows the rules for the input of credentials and the display of captcha messages. When prompting for credentials, the IdMMCore agent sends a welcome message to the IdMMUser agent and the state is set to OnPrompt. Here the user is requested to enter his or her credentials and the response is sent back to the IdMMCore agent.

Similarly, when a captcha needs to be solved (see Figure 4.40 on page 95), the IdMMCore agent sends a message with the captcha, the state is set to OnCaptcha and the user is prompted to solve it. The response is then sent back to the core agent.

4.5.3 Displaying Messages to the User

In order to display information to the user the IdMMCore agent sends a message to the IdMMUser agent containing the message and, optionally, the service in question.

Figure 4.49 contains the rules for the basic information displayed to a user. The rule OnError displays an error message to the user. The rule OnAccept notifies the user that the authentication to a cloud service was successful. Finally, the rule OnDisplay is used to display other information to the user.

rule OnPrompt(message, cipher)=

| extend Attr with usr do

| extend Attr with pwd do

| local v in

| seq

| displayMessage(gui(self), message, Info, [])

| v:=inputFromUser(gui(self), "Enter username:", [], Attr)

| attrName(usr):="username"

| attrValue(usr):=v

| v:=inputFromUser(gui(self), "Enter password:", LIST, Attr)

| attrName(pwd):="password"

| attrValue(pwd):=v

| result:=[usr,pwd]

| endseq

rule OnCaptcha(captcha, cipher)=

| extend Attr with a do

| local v in

| seq

| abstract "Display Message to User and wait for input"

| v:=inputFromUser(gui(self), "Solve Captcha:", [captcha], STRING)

| attrName(a):=attrName(captcha)

| attrValue(a):=v

| result:=a

| endseq

rule OnLocation(c, cipher)=

| result:=userLocation(gui(self))

Figure 4.48: ASM Rules for Prompting for Input

rule OnError(content, cipher)=

| local message, service in

| seq

| message:=head(content)

| service:=nth(content, 2)

| displayMessage(gui(self), message, Error, [service])

| endseq

rule OnAccept(service, cipher)=

| seq

| displayMessage(gui(self), "Authenticated to service", Accept, [service])

| endseq

rule OnDisplay(content, cipher)=

| local message, extra in

| seq

| message:=head(content)

| extra:=content-[message]

| displayMessage(gui(self), message, Info, extra)

| endseq

Figure 4.49: ASM Rules for Displaying Messages

4.5.4 Communication with the Core Agent

The IdMMCore and IdMMUser agents are required to communicate in order to display or ask for information from the user. Figure 4.50 shows the IdMMCore rules used to achieve this task. These rules were first shown in Section 4.2 and will now be refined. The rule error sends an error message to the IdMMUser agent, logging the error afterwards (see Section 4.8). The rule accept is used to inform the user that authentication to a cloud service was successful, while the rule display sends a message with other information to be displayed to the user. The rule prompt sets the IdMMUser agent in the OnPrompt state, requiring the agent to prompt the user for his or her credentials, and the rule userLocation retrieves the location of the device of the user. As shown in Figure 4.48, when in the OnLocation state the IdMMUser uses the userLocation function to determine the location of the user.

rule error(message, service)=

| seq

| SendMessage(IdMMUser, pwhash(self), [message, service], OnError)

| log(Error, message, identity(self), service)

| endseq

rule accept(service, identity)=

| seq

| SendMessage(IdMMUser, pwhash(self), service, OnAccept)

| log(Accept, "Authenticated", identity, service)

| endseq

rule display(message)=

| SendMessage(IdMMUser, pwhash(self), message, OnDisplay)

rule prompt=

| local m, msg in

| seq

| msg:="Welcome to the IdMM. Enter credentials!"

| m:=SendMessage(IdMMUser, pwhash(self), msg, OnPrompt)

| result:=messageContent(m)

| endseq

rule userLocation=

| local m in

| seq

| m:=SendMessage(IdMMUser, pwhash(self), "location", OnLocation)

| result:=messageContent(m)

| endseq

Figure 4.50: IdMMCoreAgent ASM Rules for IdMMCore - IdMMUser Communication
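
The prompt and error exchange between the IdMMCore rules of Figure 4.50 and the IdMMUser rules of Figures 4.48 and 4.49, as an added Python model that is not part of the original specification. ScriptedGUI, receive and run_exchange are hypothetical names; SendMessage is assumed to be a synchronous call, and its cipher argument and identity(self) are not modelled.

```python
from dataclasses import dataclass
from enum import Enum

MessageType = Enum("MessageType", "Accept Info Error")  # enum of Figure 4.45

@dataclass
class Attr:  # attrName/attrValue pair built by OnPrompt
    name: str
    value: str

class ScriptedGUI:  # hypothetical UserGUI refinement: canned answers, recorded output
    def __init__(self, answers):
        self.answers, self.shown = list(answers), []
    def displayMessage(self, message, mtype, extra):
        self.shown.append((mtype, message, list(extra)))
        return True
    def inputFromUser(self, message, extra, rtype):
        return self.answers.pop(0)

class IdMMUser:
    def __init__(self, gui):
        self.gui = gui
    def OnPrompt(self, message):
        self.gui.displayMessage(message, MessageType.Info, [])
        usr = Attr("username", self.gui.inputFromUser("Enter username:", [], Attr))
        pwd = Attr("password", self.gui.inputFromUser("Enter password:", [], Attr))
        return [usr, pwd]
    def OnError(self, content):
        self.gui.displayMessage(content[0], MessageType.Error, [content[1]])
    def receive(self, content, state):
        rules = {"OnPrompt": self.OnPrompt, "OnError": self.OnError}  # states with a rule
        if state not in rules:
            raise ValueError(f"no rule for state {state!r}")
        return rules[state](content)

class IdMMCore:
    def __init__(self, user):
        self.user, self.log = user, []
    def prompt(self):
        return self.user.receive("Welcome to the IdMM. Enter credentials!", "OnPrompt")
    def error(self, message, service):
        self.user.receive([message, service], "OnError")
        self.log.append(("Error", message, service))  # identity(self) not modelled

def run_exchange():
    gui = ScriptedGUI(["alice", "constructed-password"])  # constructed sample input
    core = IdMMCore(IdMMUser(gui))
    creds = core.prompt()
    core.error("Authentication failed", "https://service.example")
    return creds, gui.shown, core.log
```

Because the GUI is scripted, the same harness can check that the password returned by OnPrompt never appears in what the core logs or what the user agent displays.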