Auditing and Nonauditing IPs
An interesting aspect of an IP's implementation is whether it
chooses to be told which sites it is issuing a token for. This
decision has both privacy and security implications.
An auditing IP wants to know the sites its cards are used at,
whereas a nonauditing provider issues tokens without knowing
the intended recipient. When using a card at a website, the capability
of an IP to audit a card is dictated by the presence of
RequiresAppliesTo in the Managed Card files it issues to users.
If this element is present, CardSpace will send the identity of the
site to the IP. If the element is absent, the IP has chosen to be
nonauditing, and the website identity will not be sent.
In the nonauditing case, the IP must be willing to disclose information
to any website that the user has decided to trust. In addition,
without knowing which site a token is being released for, it
is not possible for the IP to set AudienceRestrictionCondition
in the generated token. This makes it easier for the token to be
replayed to a different site. Of course, the benefit of a nonauditing
IP is that it allows the user to submit their identity information
without being tracked.
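The two checks discussed above, as an added example that is not code from the book: whether a managed card carries RequiresAppliesTo (so the IP is auditing), and the relying-party-side check that a received SAML 1.1 assertion is audience-restricted to this site, which is what limits replay to a different site. The card and token XML are constructed samples; the SAML 1.1 and Information Card namespaces are the standard ones.

```python
import xml.etree.ElementTree as ET

SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion"
IC = "http://schemas.xmlsoap.org/ws/2005/05/identity"


def card_is_auditing(card_xml: str) -> bool:
    """True if the managed card contains ic:RequiresAppliesTo, i.e. the IP
    will be told which site the token is for (auditing IP)."""
    card = ET.fromstring(card_xml)
    return card.find(f"{{{IC}}}RequiresAppliesTo") is not None


def token_audiences(token_xml: str) -> list:
    """Collect every saml:Audience under the assertion's
    AudienceRestrictionCondition (empty list if the IP set none)."""
    root = ET.fromstring(token_xml)
    path = (f"{{{SAML1}}}Conditions/{{{SAML1}}}AudienceRestrictionCondition/"
            f"{{{SAML1}}}Audience")
    return [a.text.strip() for a in root.iterfind(path) if a.text]


def accept_token(token_xml: str, my_identity: str) -> bool:
    """Relying-party policy: refuse a token with no audience restriction
    (a nonauditing IP could not set one) and a token restricted to some
    other site (a token replayed from elsewhere)."""
    audiences = token_audiences(token_xml)
    return bool(audiences) and my_identity in audiences


# Constructed sample card and token fragments (no signatures, not real data).
AUDITING_CARD = f'<InformationCard xmlns="{IC}"><RequiresAppliesTo/></InformationCard>'
NONAUDITING_CARD = f'<InformationCard xmlns="{IC}"/>'
RESTRICTED_TOKEN = f"""<Assertion xmlns="{SAML1}" MajorVersion="1" MinorVersion="1">
  <Conditions><AudienceRestrictionCondition>
    <Audience>https://shop.example/</Audience>
  </AudienceRestrictionCondition></Conditions>
</Assertion>"""
UNRESTRICTED_TOKEN = (f'<Assertion xmlns="{SAML1}" MajorVersion="1" MinorVersion="1">'
                      '<Conditions/></Assertion>')

if __name__ == "__main__":
    print("auditing card:", card_is_auditing(AUDITING_CARD))          # True
    print("nonauditing card:", card_is_auditing(NONAUDITING_CARD))    # False
    print("restricted, right site:", accept_token(RESTRICTED_TOKEN, "https://shop.example/"))
    print("restricted, other site:", accept_token(RESTRICTED_TOKEN, "https://other.example/"))
    print("no restriction:", accept_token(UNRESTRICTED_TOKEN, "https://shop.example/"))
```

In a real deployment the audience check runs after the token's signature has been verified and it has been decrypted; it is a second, independent condition, not a substitute for the first.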