The STS
produces security tokens for the user with data populated by the
IP. This is the type of card that would be used in cases where
there is a strong assurance required for the security of the data
that is released in the security token.
How does a user get a Managed Card? Managed Cards are issued
by an IP. They are delivered as a digitally signed XML file
that contains the metadata with the details needed to
use the card. This metadata contains information about the issuer,
the claims the issuer supports, card details, the types of
tokens the issuer supports, and the authentication type. Of
course, this complexity is hidden from users. They receive the
card as a file with a .crd extension, which has a card icon associated
with it, as shown in Figure 3-10.
Managed Cards store sensitive information at the IP
Managed Cards are distributed in CRD files
Figure 3-10 Managed Cards use the .crd file extension and have an
associated card icon.
When the user receives the card (with the .crd extension), the
user can import it into CardSpace by double-clicking the card
file. There is no programmatic method to import the card without
the interaction of the user—this is designed with the first law
of identity, covered in Chapter 2, in mind (“User Control and
Consent”)—so that users are always involved in every aspect of
their digital identity.
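The metadata a card file carries (issuer, supported claims, token types, authentication type) can be read out for review before the card is imported. The following is an added example, not code from the book or from CardSpace; the element names and namespaces are assumed from the Identity Selector Interoperability Profile rather than given on this page, the sample card is constructed, and the XML signature is not verified here.

```python
import xml.etree.ElementTree as ET

# Namespaces assumed from the Identity Selector Interoperability Profile.
NS = {
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "ic": "http://schemas.xmlsoap.org/ws/2005/05/identity",
    "wst": "http://schemas.xmlsoap.org/ws/2005/02/trust",
}

# Constructed sample card; issuer and signature values are placeholders.
SAMPLE_CRD = b"""<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ds:SignedInfo/><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
 <ds:Object>
  <ic:InformationCard xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity"
      xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
   <ic:CardName>Example Bank Card</ic:CardName>
   <ic:Issuer>https://sts.example.test/issue</ic:Issuer>
   <ic:TokenServiceList><ic:TokenService>
     <ic:UserCredential><ic:UsernamePasswordCredential/></ic:UserCredential>
   </ic:TokenService></ic:TokenServiceList>
   <ic:SupportedTokenTypeList>
     <wst:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</wst:TokenType>
   </ic:SupportedTokenTypeList>
   <ic:SupportedClaimTypeList>
     <ic:SupportedClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
   </ic:SupportedClaimTypeList>
  </ic:InformationCard>
 </ds:Object>
</ds:Signature>"""


def summarize_card(data: bytes) -> dict:
    """Extract issuer metadata from a .crd file. Does NOT verify the signature."""
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("DTD/entity declarations are not expected in a card file")
    root = ET.fromstring(data)
    if root.tag != "{%s}Signature" % NS["ds"]:
        raise ValueError("card is not wrapped in an XML signature")
    card = root.find("ds:Object/ic:InformationCard", NS)
    if card is None:
        raise ValueError("no InformationCard element inside the signature")
    creds = card.findall("ic:TokenServiceList/ic:TokenService/ic:UserCredential/*", NS)
    return {
        "name": card.findtext("ic:CardName", default="", namespaces=NS),
        "issuer": card.findtext("ic:Issuer", default="", namespaces=NS),
        "claims": [c.get("Uri") for c in card.findall("ic:SupportedClaimTypeList/ic:SupportedClaimType", NS)],
        "token_types": [t.text.strip() for t in card.findall("ic:SupportedTokenTypeList/wst:TokenType", NS)],
        "auth_types": [c.tag.split("}", 1)[1] for c in creds],
    }
```

Calling `summarize_card(SAMPLE_CRD)` returns a dictionary a reviewer can compare against what the issuer was expected to send; an unsigned or DTD-bearing file is rejected with `ValueError`.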