By
restricting the claims that Personal Cards support, CardSpace
stops the user from inadvertently exposing those kinds of private
data to other parties. In addition, because the Personal Card STS
is on the user's machine, the data is also on the user's machine.
By keeping only the less-sensitive data on the user's machine, there is
less to motivate attackers to try to compromise the system; and
if they do compromise the system, there is little to gain in terms
of personal user information.
As the issuer of the Information Card, the user has the capability
to modify the values in the claims of the card, except the private
personal identifier.
Unique Personal Cards
If the user has the capability to create a card that has all the
same data for the claims in it, how can an RP use such cards for
authentication? The answer lies in the implementation details of
the claim represented by the URI
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier.
This URI represents a piece of data that is called a private personal
identifier (PPID). This claim is not editable by the user; instead, it is
generated by CardSpace.
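The following is an added example (not from the book) that models the RP-side consequence of this design in Python: two Personal Cards carrying identical editable claims still map to two different accounts, and editing a claim does not change who the card is. The PPID derivation is a simplified stand-in for CardSpace's own algorithm, and the RP identities, e-mail values and card secrets are constructed.

```python
import base64
import hashlib
import secrets

PPID_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier"
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"


def derive_ppid(card_secret: bytes, rp_identity: str) -> str:
    # Simplified model (an assumption, not the CardSpace algorithm): hash a per-card
    # secret the user never sees together with the RP's identity, so the value is
    # stable for one card at one RP and differs for other cards and other RPs.
    digest = hashlib.sha256(card_secret + b"\x00" + rp_identity.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")

def new_personal_card(claims: dict) -> dict:
    # A Personal Card: user-editable claims beside a secret the user cannot edit.
    return {"claims": dict(claims), "secret": secrets.token_bytes(32)}

def issue_token(card: dict, rp_identity: str) -> dict:
    # What the RP receives: the editable claim values plus the generated PPID.
    return {**card["claims"], PPID_CLAIM: derive_ppid(card["secret"], rp_identity)}

class RelyingParty:
    # An RP that keys accounts on the PPID, never on user-editable claims.
    def __init__(self, identity: str):
        self.identity = identity
        self.accounts = {}  # PPID -> account id

    def authenticate(self, token: dict) -> str:
        ppid = token[PPID_CLAIM]
        if ppid not in self.accounts:
            self.accounts[ppid] = "acct-%d" % (len(self.accounts) + 1)
        return self.accounts[ppid]

def demo() -> dict:
    # Constructed sample: two cards carrying identical editable claims.
    claims = {EMAIL_CLAIM: "alice@example.test"}
    alice, other = new_personal_card(claims), new_personal_card(claims)
    shop, bank = RelyingParty("CN=shop.example.test"), RelyingParty("CN=bank.example.test")
    alice_acct = shop.authenticate(issue_token(alice, shop.identity))
    other_acct = shop.authenticate(issue_token(other, shop.identity))
    alice["claims"][EMAIL_CLAIM] = "alice.new@example.test"  # the user edits a claim
    return {
        "distinct_accounts": alice_acct != other_acct,
        "stable_after_edit": shop.authenticate(issue_token(alice, shop.identity)) == alice_acct,
        "unlinkable_across_rps": issue_token(alice, shop.identity)[PPID_CLAIM]
        != issue_token(alice, bank.identity)[PPID_CLAIM],
    }
```

Because the PPID is bound to the RP's identity, the same card presents a different PPID to each site, so two RPs cannot correlate a user by comparing PPIDs.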
accurate claim values. Typical claim values that the user might provide are
email address, name, and street address.