This is on par with how most information
is collected on the Internet today??”users can sign up with various websites
without any third-party con?¬?rmation of the details that they provide to the website.
This is the case when a user creates accounts at web commerce sites or
blogs. He provides information in a web form without any third-party validation,
and the site accepts it without question.
User-created identities
contain lowvalue
information
A card can be
uniquely identi?¬?ed
by its PPID
191
With every new Personal Card that is created in CardSpace, a
master key and card ID are generated and stored with the card.
The card ID contains a randomly generated globally unique
identi?¬?er (GUID). The master key is 32 bytes of random data.
Because each card generates a card ID and master key, each
card is different from the last.
For each RP that the user visits, CardSpace uses properties from
the RP??™s certi?¬?cate, along with the card ID, to generate a unique
PPID. If the RP does not have a certi?¬?cate, the domain name
from the site URL is used instead. It also uses elements from the
RP??™s certi?¬?cate, along with the master key, to create a cryptographic
public/private key pair.
Pages:
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310