
Vittorio Bertocci, Garrett Serack, Caleb Baker

"Understanding Windows CardSpace: An Introduction to the Concepts and Challenges of Digital Identities"


Authentication with an IP
Managed Cards represent digital identities that are released as
security tokens only after the user has successfully authenticated
to the IP. To allow CardSpace to let the user authenticate, the IP
must support one of the following four authentication schemes:
• X.509 certificate. An IP can require that the client provide
  proof of a specific X.509 certificate. Through this,
  the IP enables the use of soft certificates, smartcards, or
  other devices that expose an X.509 certificate to the
  crypto API (CAPI) as a form of client identification.
• Kerberos. An IP can require the client to submit a
  Kerberos token to authenticate. This enables the use of a
  Managed Card when connected to a Windows domain.
• Username and Password. The IP can also use a username
  and password for user authentication.
• Personal Card. A Personal Card can be used for authentication
  to the STS. This Personal Card must have previously
  been submitted to the IP, so the card's PPID and
  public key can be used to authenticate the user.
When a Managed Card is used, the user is prompted from the
CardSpace UI to provide the credentials required for authentication
(see Figure 3-11).
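
How the four schemes show up inside a Managed Card, as an added example that is not from the book: each token service entry in the card names one credential type, and the sketch below maps it back to the list above and flags entries an IP should not issue. The element names and namespaces are assumed from the Identity Selector Interoperability Profile, not from this page; the card fragment, hosts and PPID are constructed.

```python
import xml.etree.ElementTree as ET

IC = "http://schemas.xmlsoap.org/ws/2005/05/identity"   # assumed from the ISIP spec
WSA = "http://www.w3.org/2005/08/addressing"
SCHEMES = {  # credential element -> scheme name used in the text
    "X509V3Credential": "X.509 certificate",
    "KerberosV5Credential": "Kerberos",
    "UsernamePasswordCredential": "Username and Password",
    "SelfIssuedCredential": "Personal Card",
}

def _svc(host, credential_xml):
    """Build one constructed TokenService entry for the sample card."""
    return (f"<ic:TokenService><wsa:EndpointReference><wsa:Address>https://{host}/sts"
            f"</wsa:Address></wsa:EndpointReference><ic:UserCredential>"
            f"{credential_xml}</ic:UserCredential></ic:TokenService>")

# Constructed sample: four STS endpoints, the last one misconfigured.
SAMPLE = (f'<ic:TokenServiceList xmlns:ic="{IC}" xmlns:wsa="{WSA}">'
    + _svc("up.example.com", "<ic:DisplayCredentialHint>Enter password</ic:DisplayCredentialHint>"
           "<ic:UsernamePasswordCredential><ic:Username>alice</ic:Username>"
           "</ic:UsernamePasswordCredential>")
    + _svc("krb.example.com", "<ic:KerberosV5Credential/>")
    + _svc("card.example.com", "<ic:SelfIssuedCredential><ic:PrivatePersonalIdentifier>"
           "Q09OU1RSVUNURUQ=</ic:PrivatePersonalIdentifier></ic:SelfIssuedCredential>")
    + _svc("bad.example.com", "<ic:SelfIssuedCredential/>")
    + "</ic:TokenServiceList>")

def describe_token_services(xml_text):
    """Return (sts_address, scheme, problem) for every token service in the card."""
    results = []
    for svc in ET.fromstring(xml_text).findall(f"{{{IC}}}TokenService"):
        addr = svc.findtext(f"{{{WSA}}}EndpointReference/{{{WSA}}}Address", "").strip()
        cred = svc.find(f"{{{IC}}}UserCredential")
        scheme, problem = None, "no credential element"
        for child in (cred if cred is not None else []):
            name = child.tag.rsplit("}", 1)[-1]
            if name == "DisplayCredentialHint":      # UI prompt text, not a scheme
                continue
            scheme = SCHEMES.get(name)
            ppid = (child.findtext(f"{{{IC}}}PrivatePersonalIdentifier") or "").strip()
            if scheme is None:
                problem = f"unsupported credential element: {name}"
            elif name == "SelfIssuedCredential" and not ppid:
                problem = "Personal Card credential carries no PPID"
            else:
                problem = None
            break
        results.append((addr, scheme, problem))
    return results

if __name__ == "__main__":
    for row in describe_token_services(SAMPLE):
        print(row)
```
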

