
Vittorio Bertocci, Garrett Serack, Caleb Baker

"Understanding Windows CardSpace: An Introduction to the Concepts and Challenges of Digital Identities"


When a token is released from a nonauditing IP, CardSpace will
encrypt the token. CardSpace does the encryption because the
website's certificate is not sent to the IP. Instead, the token is
encrypted by the IP for CardSpace, which then uses the website's
certificate to encrypt the token and release it to the site.

Auditing IPs can track the sites a user visits.
Nonauditing IPs do not know which site a user visits.

Using CardSpace in the Browser 247
When an IP specifies the RequiresAppliesTo element in the
Managed Card file, it chooses to take on the role of an auditing
IP. In this case, the IP is handed full information about the recipient
of the token, including the URL of the site and the site certificate.
It is then also responsible for encrypting the token that
will be released.
Because the IP knows the identity of the website, it can set
AudienceRestrictionCondition in the token, and as previously
discussed, this makes the token more difficult to use in a
replay attack. Also, because the IP is given the certificate of the
site, the IP can help evaluate the identity of the site for the user.
For example, if the user tries to use Information Cards at a
known phishing site, the IP can use the certificate to identify the
site.
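
The relying-party side of the audience restriction described above, as an added example that is not code from the book or from CardSpace: it classifies a SAML 1.1 assertion by whether its AudienceRestrictionCondition names this site. The function name, the sample URLs and the sample assertions are constructed for illustration, and the token is assumed to be already decrypted and signature-verified.

```python
import xml.etree.ElementTree as ET

SAML11 = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.x assertion namespace
NS = {"saml": SAML11}

def audience_check(assertion_xml: str, my_site_url: str) -> str:
    """Return "match", "mismatch" or "unrestricted" for a verified assertion.

    Assumption: the audience is compared to the site URL as an exact string.
    """
    root = ET.fromstring(assertion_xml)
    conds = root.findall("saml:Conditions/saml:AudienceRestrictionCondition", NS)
    if not conds:
        # A nonauditing IP never learns the site, so it cannot name an audience.
        return "unrestricted"
    # Every condition must hold; within one condition any listed Audience may match.
    for cond in conds:
        audiences = {(a.text or "").strip() for a in cond.findall("saml:Audience", NS)}
        if my_site_url not in audiences:
            return "mismatch"  # token was issued for a different site: reject
    return "match"

def sample_assertion(audiences):
    """Build a constructed, unsigned assertion skeleton for the demo."""
    conds = "".join(
        "<saml:AudienceRestrictionCondition>"
        f"<saml:Audience>{a}</saml:Audience>"
        "</saml:AudienceRestrictionCondition>"
        for a in audiences
    )
    return (
        f'<saml:Assertion xmlns:saml="{SAML11}" MajorVersion="1" MinorVersion="1">'
        f"<saml:Conditions>{conds}</saml:Conditions>"
        "</saml:Assertion>"
    )

# Constructed samples: one as an auditing IP would scope it, one without an audience.
AUDITING_TOKEN = sample_assertion(["https://shop.example/"])
NONAUDITING_TOKEN = sample_assertion([])

if __name__ == "__main__":
    for site in ("https://shop.example/", "https://other.example/"):
        print(site, audience_check(AUDITING_TOKEN, site))
    print("nonauditing:", audience_check(NONAUDITING_TOKEN, "https://shop.example/"))
```

A site that receives "unrestricted" has no audience binding to rely on and must depend on its other replay defenses.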

