Relying Party Identi?¬?cation Page
How do you identify the RP that is requesting a card? During the
?¬?rst visit to a RP, the user is shown a page that identi?¬?es the
site/RP. The information on the page is taken from the RP??™s certi
?¬?cate; in the case of a website, it is take from the SSL certi?¬?-
cate. This means it is required that a website uses SSL when
using CardSpace. The common name (CN) from the subject
?¬?eld of the site??™s certi?¬?cate is displayed on the page in the section
???Site Information.??? The CN of the certi?¬?cate issuer appears
in the section ???Site Information Veri?¬?ed By??? (see Figure 3-14).
In the case where the site does not have an SSL certi?¬?cate, and
the .NET Framework 3.5 CardSpace client is being used, the
URL of the site will be shown, as well as a warning that the information
released will not be encrypted.
Features of the CardSpace UI
Figure 3-13 When CardSpace is disabled, Internet Explorer navigates
the CardSpace safe page.
The RP
Identi?¬?cation page
helps users evaluate
the sites they are
visiting
208 Windows CardSpace
This page also provides a link to view the privacy statement.
This allows the RP to publish a privacy policy in plaintext that
can be read from within the CardSpace UI.
Pages:
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331