Imagine a bank issues an Information Card that can be used as a
credit card. When people shop online and want to use the card,
they authenticate to the credit card STS. How this authentication
is done is covered in more detail later in this chapter, but one
method is by using a smartcard. After authenticating users, the
IP sends back a token that contains their credit card information,
which is then sent to the RP. Now the question is: what if somebody
installed this card on his laptop and the laptop got stolen? Can
the thief now use the card to go on a spending spree? The answer
is no, not without the smartcard or knowledge of how to
authenticate to the IP as the user. The valuable data is not
stored on the laptop; it is back at the credit card STS.
How Does CardSpace Help the User Select a Card?
When a request for a security token is made by an RP, CardSpace matches up
the request with available cards. The following matching criteria are used:
Which IP is being requested
What claims are being requested
What token type is requested
If the card cannot satisfy the request, CardSpace turns the card image a dull gray
and provides text explaining why the card cannot be used.
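The three matching criteria above can be modeled as a small filter. This is an added example, not CardSpace's own code; the class names, issuer URLs, claim names and token type strings are constructed for illustration, and the model assumes a card must satisfy all three criteria to be selectable.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Card:
    name: str
    issuer: str             # the IP (STS) behind the card
    claims: frozenset       # claim types that IP can assert
    token_types: frozenset  # token formats that IP can issue

@dataclass(frozen=True)
class TokenRequest:         # what the RP asks for
    issuer: str
    claims: frozenset
    token_type: str

def mismatch_reasons(card, req):
    """Empty list: card is selectable. Otherwise: why it is grayed out."""
    reasons = []
    if card.issuer != req.issuer:
        reasons.append(f"site requires a card from {req.issuer}")
    missing = sorted(req.claims - card.claims)
    if missing:
        reasons.append("card cannot supply: " + ", ".join(missing))
    if req.token_type not in card.token_types:
        reasons.append(f"issuer cannot produce token type {req.token_type}")
    return reasons

def evaluate_cards(cards, req):
    """Map each card name to its list of mismatch reasons."""
    return {c.name: mismatch_reasons(c, req) for c in cards}

# Constructed sample data (hypothetical issuers, claim names, token types).
BANK = "https://sts.bank.example"
REQUEST = TokenRequest(BANK, frozenset({"cardnumber", "expiry"}), "saml-1.1")
CARDS = [
    Card("Bank credit card", BANK,
         frozenset({"cardnumber", "expiry", "name"}), frozenset({"saml-1.1"})),
    Card("Bank loyalty card", BANK, frozenset({"name"}), frozenset({"saml-1.1"})),
    Card("Employer badge", "https://sts.corp.example",
         frozenset({"name"}), frozenset({"saml-2.0"})),
]

if __name__ == "__main__":
    for name, reasons in evaluate_cards(CARDS, REQUEST).items():
        status = "selectable" if not reasons else "grayed: " + "; ".join(reasons)
        print(f"{name} -> {status}")
```

Note that the cards hold only metadata about what the IP can issue; no claim values appear anywhere in the matching step, which is consistent with the stolen-laptop point made earlier.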