The actual identities of the user are the sets of relevant facts that are kept in the service provider's stores and are unlocked by transmitting the correct set of credentials (see the concept of hostage identity in the section "HTTPS, Authentication, and Digital Identity," in Chapter 1). If a username-password couple is reused across two different services, it will likely correspond to two different identities; this is supremely confusing for the user, who directly manipulates only the credentials and is only vaguely conscious (if at all) of the existence of the associated identities unlocked on the service provider side. Password manager utilities do not really help, and sometimes they make things worse. By showing that the same username is used across different websites, they may induce the user to believe that he is using the same identity across the group even though the user profiles kept on different service providers may be dramatically different. That is certainly a setback in the attempt to instill context awareness in the user.
This last thought experiment describes just what happens at authentication time. However, there are countless other times at which online applications ask you to disclose fragments of your identities.