Non-EV certificates follow a similar rule. However, in addition to the OLSC of
the RP certificate, the OLSC of all the certificates in the certificate chain are
used. This means the certificate chain must also remain the same when the RP
certificate is changed.
The PPID is different for each site and as such helps protect the user's privacy
The PPID generated by CardSpace is sent to the RP as a Base64-
encoded SHA1 hash. Here is an example of such a hash:
RJzXlauo+mGTa6UlmyK7cCzSmNbFUuJXpsh/yMQLa7s=.
Occasionally, the RP and the user may need to communicate
about which specific card was used at the site. For example, if
users want to remove a particular Personal Card from their account,
but the claims on all of their cards are identical, the only
way for users to know the difference between the two is the
PPID. Yet, a 40-digit hexadecimal string is unwieldy for users to
read off during a support call, so CardSpace instead displays the
PPID claim to users as the "site-specific card ID," which is a 10-digit
representation of the PPID that CardSpace has generated.
Figure 3-9 shows the site-specific card ID, as shown in
CardSpace.
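As an added example (not code from the book or from CardSpace), the sketch below derives a 10-character display ID from a Base64 PPID so that a support tool at the RP can show the same short form the user reads out. The encoding steps (SHA-1 of the decoded PPID, first 10 bytes, 32-character alphabet, XXX-XXXX-XXX grouping) are an assumption taken from the Identity Selector Interoperability Profile's description of the PPID friendly identifier, not from this page; the function and constant names are hypothetical.

```python
import base64
import hashlib

# Encoding alphabet for the friendly identifier (assumption from ISIP, not
# stated on this page). It omits the look-alike characters 0, 1, I and O.
ALPHABET = "QL23456789ABCDEFGHJKMNPRSTUVWXYZ"

# Example PPID quoted on this page.
PAGE_PPID = "RJzXlauo+mGTa6UlmyK7cCzSmNbFUuJXpsh/yMQLa7s="
# Constructed second PPID, standing in for the same card used at another site.
OTHER_PPID = base64.b64encode(hashlib.sha256(b"constructed-sample").digest()).decode()


def site_specific_card_id(ppid_b64: str) -> str:
    """Return the 10-character display form (XXX-XXXX-XXX) of a Base64 PPID."""
    # Strict decoding: malformed Base64 raises binascii.Error (a ValueError).
    ppid = base64.b64decode(ppid_b64, validate=True)
    if not ppid:
        raise ValueError("empty PPID")
    digest = hashlib.sha1(ppid).digest()
    # Map each of the first 10 digest bytes onto the 32-character alphabet.
    chars = "".join(ALPHABET[b % 32] for b in digest[:10])
    return f"{chars[:3]}-{chars[3:7]}-{chars[7:]}"


def same_card(ppid_b64: str, id_read_by_user: str) -> bool:
    """Compare a stored PPID with the ID a user reads off during a support call."""
    normalized = id_read_by_user.strip().upper().replace(" ", "")
    return site_specific_card_id(ppid_b64) == normalized


if __name__ == "__main__":
    for label, ppid in (("page example", PAGE_PPID), ("constructed", OTHER_PPID)):
        print(f"{label}: {site_specific_card_id(ppid)}")
```

The display ID is a lossy projection of the PPID, so it is suitable for telling a user's cards apart in conversation but not as a lookup or authentication key.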
Although it may be tempting to use only the PPID to identify a
user, one additional check must be done to ensure maximum
A Deeper Look at Information Cards
Figure 3-9 CardSpace displays the site-specific card ID when the PPID
claim is requested.