Not every RP will be willing to follow such
an extreme route, and some businesses will need to store information about
their users in the form of profiles (again, see the box "Freeing the 'Hostage
Identity'" for an example). In any case, the approach does not need to be
pushed to its limits to be effective: RPs can choose to avoid storing certain
classes of personally identifiable information to reduce their liability in the case
of security breaches in their stores.
In summary, the Identity Metasystem model offers powerful tools for mitigating
the effect of attacks in the information-storing phase, too; however, use of those
tools cannot be enforced, and effective countermeasures are ultimately left to
the competency of the RP.
132 Hints Toward a Solution
Metasystem, we now have at our disposal the intellectual tools
for modeling any identity transaction of arbitrary complexity.
The Canonical Scenario
In the most classic scenario, we have one instance of every role
represented. We have one subject, S, one relying party, RP, and
one identity provider, IP. The situation is completely straightforward:
S wants to use RP, which in turn requires its callers to
present an identity issued by the IP before it authorizes access.
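The following Python program is an added illustration, not code from the book or from any CardSpace implementation. It models the canonical scenario above (S wants to use RP, RP publishes what it needs, IP issues a token, RP verifies it) and, at the last step, the earlier point that an RP can reduce its breach liability by not storing personally identifiable information. Everything in it is an assumption made for the example: the issuer and RP names are hypothetical, the user profile is constructed, and an HMAC shared by IP and RP stands in for the IP's real signature (in the Metasystem the IP signs with its private key and the RP verifies with the IP's public key).

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo key: stands in for the IP's signing key. A shared HMAC
# key is a simplification; a real IP signs tokens with an asymmetric key.
IP_SIGNING_KEY = b"demo-ip-signing-key-not-for-production"
IP_NAME = "https://ip.example"        # hypothetical identity provider (IP)
RP_NAME = "https://rp.example"        # hypothetical relying party (RP)
RP_STORAGE_SALT = b"demo-rp-salt"     # constructed; derives a non-PII user key
TOKEN_LIFETIME_SECONDS = 300


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def rp_policy() -> dict:
    """Step 1: the RP states which issuer it accepts and which claims it needs.
    Only two claims are requested; name and e-mail are deliberately left out."""
    return {
        "audience": RP_NAME,
        "accepted_issuer": IP_NAME,
        "required_claims": ["subject_id", "over_18"],
    }


def ip_issue_token(policy: dict, profile: dict, now: float) -> str:
    """Step 2: the IP (which holds S's full profile) issues a signed token
    scoped to the RP and carrying only the claims the RP asked for."""
    claims = {name: profile[name] for name in policy["required_claims"]}
    payload = {
        "iss": IP_NAME,
        "aud": policy["audience"],
        "iat": int(now),
        "exp": int(now) + TOKEN_LIFETIME_SECONDS,
        "claims": claims,
    }
    body = _b64(json.dumps(payload, sort_keys=True).encode())
    tag = hmac.new(IP_SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(tag)


def rp_verify_token(token: str, policy: dict, now: float) -> Optional[dict]:
    """Step 3: the RP checks signature, issuer, audience, validity window and
    claim set before authorizing S. Returns the claims, or None on any failure."""
    try:
        body, tag_b64 = token.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(IP_SIGNING_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(tag_b64)):
        return None
    payload = json.loads(_unb64(body))
    if payload["iss"] != policy["accepted_issuer"]:
        return None
    if payload["aud"] != policy["audience"]:
        return None
    if not (payload["iat"] <= now < payload["exp"]):
        return None
    if set(payload["claims"]) != set(policy["required_claims"]):
        return None
    return payload["claims"]


def rp_record_for_storage(claims: dict) -> dict:
    """Step 4: what the RP keeps in its own store. The subject identifier is
    replaced by a salted hash, so a breach of the RP store yields no PII."""
    key = hashlib.sha256(RP_STORAGE_SALT + claims["subject_id"].encode()).hexdigest()
    return {"user_key": key, "over_18": claims["over_18"]}


if __name__ == "__main__":
    # Constructed profile held by the IP; only two of its fields reach the RP.
    profile = {"subject_id": "s-1234", "name": "Alice Example",
               "email": "alice@example.test", "over_18": True}
    now = time.time()
    policy = rp_policy()
    token = ip_issue_token(policy, profile, now)
    claims = rp_verify_token(token, policy, now)
    print("claims seen by RP:", claims)
    print("record stored by RP:", rp_record_for_storage(claims))
```

The RP never sees the name or e-mail held by the IP, and what it persists is a salted hash plus a boolean, which is the practical form of "avoid storing certain classes of personally identifiable information" from the passage above; the checks in `rp_verify_token` are the RP's part of the canonical scenario, and any one of them failing denies access.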