The big shift is modeling them explicitly
120 Hints Toward a Solution
your driver license, nor would you attempt to get a discount at
the local department store by waving your passport. Yet, as
mentioned in the section “Consistent Experience Across
Contexts,” with today’s online-authentication system, errors of
that magnitude are not uncommon. Expressing identities as collections
of claims was the first step toward clarifying the information
flow: Explicitly stating the issuer of those claims, and its
trust relationship with the RP requesting them, is the step that
finally defines the transaction details and helps the subject to
make informed decisions.
Another important effect of introducing the concept of IP lies in
the reinterpretation of transactions in which the identity information
is claimed by the subject itself. In today’s online world,
many of the low-value services (typically the ones for which you
are not charged) do not require the user to be endorsed by any
specific IP. The authentication operation will just verify that the
current requestor owns the credentials associated with a certain
signup profile. That signup profile, created at registration time, is
the subject identity.