Information Cards broker trust in the same manner that real
cards do. The technology that is used to ensure the information
comes from the IP is different because it is a virtual card rather
than a physical card. In addition, the means by which the user
proves that the information refers to them may vary, but the way
the user can conceptualize the interaction is the same.
Proof that the information actually is provided by a trusted IP is
provided by using a digital signature over the token, which contains
the information (claims) that is being asserted.
The signature can be cryptographically verified as having been
produced by the IP. Figure 3-5 shows Scott's information that
has been signed.
Digital signatures are used to prove the source of information.

Figure 3-5 The claim values in the CardSpace security token are
wrapped inside of a digital signature of the IP. This guarantees it is the
IP that is asserting the claims.

Any token format may be used to express the claims and their
values, as long as it is understood by the IP and RP. The current
standard is to use a SAML 1.1 token. This is just a standard;
CardSpace is token-agnostic because it is just negotiating the
interaction between the RP and IP.