CardSpace uses the issuer that the website has speci?¬?ed to highlight
a card that can be used for the current operation. This
means if the self-issued URI is speci?¬?ed, only Personal Cards
can be used; all Managed Cards will appear grayed out, and the
Send button will appear disabled. Similarly, if a Managed Card??™s
URI is used, only cards from that issuer can be used.
Issuer is an optional property on the browser extension object. If
it is omitted, this is interpreted by CardSpace to mean any issuer
can be used, so all cards that can satisfy the requested claims
and token type will be enabled. In all cases, when the token is
returned to the site, the site should make sure that it is actually
signed by a trusted issuer. The fact that a speci?¬?c issuer is speci-
?¬?ed in the browser extension does not guarantee that a token
from that issuer is being returned to the website. That CardSpace
only enables cards that match the speci?¬?ed issuer is a usability
feature and should not be treated as a security feature.
IssuerPolicy
This property is used solely for federation scenarios, and in most
cases is not speci?¬?ed. It indicates the MetadataExchange (MEX)
endpoint of an STS.
Pages:
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351