
Vittorio Bertocci, Garrett Serack, Caleb Baker

"Understanding Windows CardSpace: An Introduction to the Concepts and Challenges of Digital Identities"

If the RP requires the subject to supply certain information,
the subject can decide whether he or she wants to disclose that data or withhold
it. Ultimately, however, if that data is required for performing the service offered
by the RP, the choice is between using the RP or giving up. Organizing the
transaction according to the Identity Metasystem is the best way to conduct the
process; but after the information is in the hands of the
RP, its destiny is bound to what the RP will do with it. The law of directional
identity will prevent certain kinds of abuses, but it cannot prevent the RP from
storing data in an insecure location. Fortunately, the concept of claim-based
identity enables new scenarios in which the problem is eliminated altogether.
Because subjects can now move their identities in the form of claim collections
(see the box "Freeing the 'Hostage Identity'"), RPs are not forced to store much
information about their users. RPs may choose to store the absolute minimum for
authenticating a returning user, relying on the subject to provide all the information
in the form of claims every time it starts a session with the RP. Simply put,
what is not there cannot be stolen.

