When an RP requires the S to present an identity
obtained from an IP, it is asking S to present itself as a ???customer??? of the IP as
opposed to a customer of the RP. If you are using an automatic kiosk for checking
in for a ?¬‚ight, you can swipe the credit card that you used to buy the ticket.
First and foremost, your ownership of the credit card proves that you are a customer
of the credit card company; then, it is also a moniker for your record in
the airline company back end. The airline didn??™t outsource its authentication
operations to the credit card company. If you swipe your spouse??™s credit card,
the system will not let you in. Furthermore, the data about the seats and whether
the ticket allows access to the lounge is still on the airline??™s database, as opposed
to the credit card company??™s. With IPs and RPs, it is almost the same. The
RP trusts the fact that the S is recognized by the IP because it is able to present
an identity from the IP. But that does not imply that RP will not perform any additional
controls, nor that all the data relevant to the transaction must come
from the IP. In fact, some data is pertinent only to the relationship between the S
and the RP, and therefore they are not supposed to be ???freed.
Pages:
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218