With the new model, all this can change. The Subject can obtain its identity
from an IP, and the website (which clearly plays the role of an RP) does not need
to keep those claims buffered anymore. The Subject can use the same collection
of claims with any other RP that trusts the IP. The hostage is free. This is a true
game changer, and it's natural to wonder how it can impact current practices.
As this chapter unfolds, things will get clearer. Furthermore, Chapter 6, "Identity
Consumers," is entirely devoted to IPs and explores those issues in depth. In this
sidebar, we address an apparent contradiction induced by the introduction of
the three roles. Now that an RP relies on an IP for releasing identities, aren't we
outsourcing authentication? Didn't we say in "Justifiable Parties" that outsourcing
authentication is bad?
The point is subtle but important.
122 Hints Toward a Solution
Components of the Identity Metasystem
The preceding section introduced the roles that an entity can
possibly play in an identity-related transaction. You can verify
identities (RP), you can have your identity verified (Subject), and
you can provide an identity to somebody (IP). This is a beautiful