Expecting the user to understand
WS-MetadataExchange and WS-Trust is possibly even more
naïve than expecting the user to be able to assess the identity of
a website from its SSL certificate. Having a solid layer of common
protocols is a prerequisite for having a consistent experience
across contexts. However, the experience must be good to
begin with. Here, good stands for all the criteria established by
the laws. The user must understand what is going on, he must
be aware of his options, he must be able to make decisions in a
natural fashion and be confident of the expected outcome, he
must be empowered to understand with whom he is dealing,
and so on. In the section “The Dance of Identity—Implemented by WS-*,”
we described in detail how the two
most common scenarios in the Identity Metasystem are implemented
via web services. In those sequences, we have seen

What About the Web Browser?

We have seen in detail how web services provide all the necessary power for
implementing secure identity transactions. It is common knowledge, however,
that as of today the vast majority of interactions on the Internet go through a
web browser. As observed in the section “WS-Federation,” the web browser is
passive.