For now, we will skip over this case and
revisit it in more detail later in this chapter, in the section
???Federation with CardSpace.???
RequiredClaims
This property is used to specify a list of claim types that the website
is requiring. This allows the site to request an email address
or any other information they are interested in. CardSpace will
230 CardSpace Implementation
include this list of claims in the RST to the card provider when
requesting the token. The card provider should then only return
the information being requested (minimal disclosure).
CardSpace also uses this claims list to match cards, disabling
any cards that do not support the claims being requested. Just as
with issuer matching, this helps the user select a card that can
be used to satisfy the current request.
There must be at least one required claim speci?¬?ed in the extension.
(This is the only property that requires a value.) If the site
does not have a reason to request a claim-speci?¬?c claim, just
asking for the private personal identi?¬?er is probably a good
choice. This won??™t needlessly disclose any of the user??™s personal
information or cause the user to have to stop what he is doing
(such as logging in to your site) and ?¬?ll out any information on
the card.
Pages:
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352