
Vittorio Bertocci, Garrett Serack, Caleb Baker

"Understanding Windows CardSpace: An Introduction to the Concepts and Challenges of Digital Identities"


This is when the new federation deployment pattern comes to
the rescue. The solution requires the wholesaler to deploy a
new security token service. This token service allows the wholesaler
to centralize the processing for the following:
- Which card issuers are trusted
- How to normalize different issuers' claim types
- How to derive new claim values, such as "preferred"
customers.
Because the new STS is used to protect resources, and is maintained
by the entity that owns the resources, it is referred to as a
Resource STS (R-STS). The schema shown in Figure 4-7 represents
a concrete implementation of the pattern "Brokered Trust"
introduced in the section "The Dance of Identity" in Chapter 2.
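The three responsibilities the R-STS centralizes (deciding which issuers are trusted, normalizing their claim types, and deriving new claims such as "preferred") can be sketched as one processing step. The following is an added example written for this page, not code from the book or from CardSpace itself; the issuer URLs, claim type URIs and the spend threshold for "preferred" are constructed assumptions, and the incoming token is represented as an already-verified plain object (signature checking is outside this sketch).

```javascript
// Added example (not from the book): a minimal model of the claim processing
// an R-STS performs. Issuer names, claim URIs and the "preferred" rule are
// constructed assumptions for illustration only.

// 1. Trust: only tokens from these card issuers are accepted at all.
const TRUSTED_ISSUERS = new Set([
  "https://sts.retailer-a.example/",
  "https://sts.retailer-b.example/",
]);

// 2. Normalization: each issuer's claim types mapped onto the wholesaler's
//    canonical claim types. Anything not listed here is dropped.
const CLAIM_NORMALIZATION = {
  "https://sts.retailer-a.example/": {
    "http://retailer-a.example/claims/accountId": "urn:wholesaler:customerId",
    "http://retailer-a.example/claims/annualSpend": "urn:wholesaler:annualSpend",
  },
  "https://sts.retailer-b.example/": {
    "urn:retailer-b:custno": "urn:wholesaler:customerId",
    "urn:retailer-b:spend": "urn:wholesaler:annualSpend",
  },
};

// 3. Derivation: assumed business rule for the "preferred" claim.
const PREFERRED_THRESHOLD = 100000;
const RSTS_ISSUER = "https://rsts.wholesaler.example/";

// token: { issuer: string, claims: { [claimType]: value } } (assumed shape,
// already signature-verified by the caller).
function processIncomingToken(token) {
  // Trust decision first: unknown issuers are rejected before any claim is read.
  if (!TRUSTED_ISSUERS.has(token.issuer)) {
    throw new Error(`untrusted issuer: ${token.issuer}`);
  }
  const mapping = CLAIM_NORMALIZATION[token.issuer];
  const normalized = {};
  // Keep only claims with a known mapping, so an issuer cannot pass an
  // unexpected claim type (including a forged "preferred") through to the resource.
  for (const [type, value] of Object.entries(token.claims)) {
    const canonical = mapping[type];
    if (canonical) normalized[canonical] = String(value);
  }
  if (!("urn:wholesaler:customerId" in normalized)) {
    throw new Error("token carries no customer identifier");
  }
  // The derived claim is computed here from normalized data, never copied
  // from the incoming token.
  const spend = Number(normalized["urn:wholesaler:annualSpend"] ?? 0);
  normalized["urn:wholesaler:preferred"] =
    spend >= PREFERRED_THRESHOLD ? "true" : "false";
  // The R-STS issues its own token, with itself as issuer, to the website.
  return { issuer: RSTS_ISSUER, claims: normalized };
}

// Usage (constructed input):
console.log(processIncomingToken({
  issuer: "https://sts.retailer-b.example/",
  claims: { "urn:retailer-b:custno": "B-7", "urn:retailer-b:spend": 250000 },
}));
```

The ordering matters: the trust check runs before any claim is examined, and the whitelist-style normalization means the website behind the R-STS only ever sees the wholesaler's own claim vocabulary, with "preferred" always derived by the R-STS rather than asserted by a retailer.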
Adding an STS reduces the need to duplicate business logic
250 CardSpace Implementation
When a website wants to request a token from an R-STS, it must
specify the MEX endpoint for the R-STS. This allows CardSpace
to get the resource STS's policy and determine the R-STS's security
requirements. The MEX endpoint is set by using the
issuerPolicy property on the browser extension. It needs to be
set to the URL that publishes the policy for the R-STS. In this
case, the issuer property on the browser extension is just the
URL of the R-STS's endpoint, which is used to issue the
requested token.
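The following is an added example, not code from the book, showing how a website would assemble the browser-extension parameters described above: issuerPolicy pointing at the R-STS's MEX (policy) endpoint and issuer pointing at the R-STS's token-issuing endpoint. The URLs are constructed placeholders; the object MIME type application/x-informationCard and the parameter names issuer, issuerPolicy, tokenType and requiredClaims are the information card object parameters, and the default tokenType value used here is an assumption.

```javascript
// Added example (not from the book): builds the information card <object>
// markup a website emits to request a token from a Resource STS.
// All URLs below are constructed placeholders.

function buildCardRequest({ issuer, issuerPolicy, requiredClaims, tokenType }) {
  // Both endpoints must be absolute https URLs: the policy retrieved from
  // issuerPolicy drives CardSpace's security decisions, so it must not be
  // fetched over plaintext, and the token is posted to issuer.
  const mustBeHttps = (name, url) => {
    let u;
    try {
      u = new URL(url);
    } catch {
      throw new Error(`${name} is not a valid absolute URL`);
    }
    if (u.protocol !== "https:") throw new Error(`${name} must use https`);
    return u.href;
  };
  if (!Array.isArray(requiredClaims) || requiredClaims.length === 0) {
    throw new Error("requiredClaims must list at least one claim type");
  }
  const params = {
    issuer: mustBeHttps("issuer", issuer),              // R-STS issuing endpoint
    issuerPolicy: mustBeHttps("issuerPolicy", issuerPolicy), // R-STS MEX endpoint
    // Assumed default: SAML 1.1 assertion token type (the usual CardSpace token).
    tokenType: tokenType ?? "urn:oasis:names:tc:SAML:1.0:assertion",
    requiredClaims: requiredClaims.join(" "),           // space-separated claim URIs
  };
  // Escape values before placing them in attributes so a claim URI or
  // endpoint cannot break out of the markup.
  const esc = (s) =>
    s.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;");
  const lines = ['<object type="application/x-informationCard" name="xmlToken">'];
  for (const [k, v] of Object.entries(params)) {
    lines.push(`  <param name="${k}" value="${esc(v)}">`);
  }
  lines.push("</object>");
  return { params, html: lines.join("\n") };
}

// Usage (constructed endpoints for the wholesaler's R-STS):
console.log(
  buildCardRequest({
    issuer: "https://rsts.wholesaler.example/issue",
    issuerPolicy: "https://rsts.wholesaler.example/mex",
    requiredClaims: ["urn:wholesaler:customerId", "urn:wholesaler:preferred"],
  }).html
);
```

The point to keep in mind is the split between the two properties: issuerPolicy is where CardSpace learns what the R-STS requires (the MEX endpoint), and issuer is where the token request is actually sent.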

