Not having access to your identity,
stored in the inaccessible government backend, the bartender
website would have no way of establishing whether you are 21.
This is another form of "hostage identity" we mentioned in the
section "HTTPS, Authentication, and Digital Identity":
Substituting passwords with certificates gave us a much safer
kind of credentials, but the same distinctions between credentials
and identity still apply.
The usage required by some kind of eID simply cannot follow
the state of things as exemplified in the previous paragraph. The
eID must enable its bearer to communicate facts about him as
statements endorsed by the issuing authority. That is the sheer
raison d'être of documents in the offline world, and the electronic
counterparts are no exception. As a result, such
statements must be somehow embedded in the eID. Because
there's not always room for them directly in the certificate, a
common solution consists of storing on the eID a data fragment,
signed by the CA associated with the eID issuer, containing the
desired information. Such a data fragment must be signed by the
authority to enjoy the same trust as the certificate itself.
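
The signed data fragment described above can be sketched as follows. This is an added example, not code from the book: the `Claims` and `Fragment` types, the JSON encoding, and the use of an Ed25519 key pair in place of the issuer's CA key are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Claims are the statements the authority endorses (hypothetical fields).
type Claims struct {
	Subject string `json:"subject"`
	Over21  bool   `json:"over21"`
}

// Fragment is the signed data stored on the eID next to the certificate.
type Fragment struct {
	Payload   []byte // serialized Claims, exactly as signed
	Signature []byte // issuing authority's signature over Payload
}

// NewAuthority creates a constructed issuer key pair for the demo.
func NewAuthority() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Issue serializes the claims and signs them with the authority's key.
func Issue(priv ed25519.PrivateKey, c Claims) Fragment {
	payload, _ := json.Marshal(c) // a flat string/bool struct cannot fail to marshal
	return Fragment{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

// Verify releases the claims only if the trusted authority signed the payload.
func Verify(trusted ed25519.PublicKey, f Fragment) (Claims, error) {
	var c Claims
	if !ed25519.Verify(trusted, f.Payload, f.Signature) {
		return c, fmt.Errorf("fragment is not endorsed by the trusted authority")
	}
	return c, json.Unmarshal(f.Payload, &c)
}

func main() {
	pub, priv := NewAuthority()
	f := Issue(priv, Claims{Subject: "constructed-holder", Over21: true})
	fmt.Println(Verify(pub, f))
}
```

The relying site parses the payload only after the signature check succeeds, so a fragment edited by its bearer, or one signed by a key other than the trusted authority's, yields no claims at all.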