We
have explored an example of that scenario during our discussion
of the Identity Laws in Chapter 2, ???Hints Toward a
Solution,??? speci?¬?cally in the sections ???User Control and
Consent,??? ???Minimal Disclosure for a Constrained Use,??? and in
the enumeration of the components of the Identity Metasystem,
namely in the ???Claim Transformers??? section.
To further understand the scenario, we can look at an example
of when an employee at one company needs to access a document
that is maintained at another company??™s site. In this case, a
federated approach to identity management can bene?¬?t both
companies. It means users only need accounts at the company
they work for. This reduces account management cost because
there is a single location to maintain account data, or incur
other costs, such as password resets. In addition, it makes it
easier to ensure account status is accurate. If an employee is
leaving a company, only their employer needs to disable their
account to prevent their access to partner resources.
How does this result in a new deployment pattern for
CardSpace? We??™ll ?¬?rst walk through some of the justi?¬?cation
for this and then go deeper into the details.
Pages:
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375