
Vittorio Bertocci, Garrett Serack, Caleb Baker

"Understanding Windows CardSpace: An Introduction to the Concepts and Challenges of Digital Identities"

These include
the required issuer, required claims, and optional claims. The
other policy options that can be specified include the following:
token type, the issuer's MEX endpoint, privacy policy URL, and
privacy policy version. The options available from the browser
are actually a subset of the WCF options. WCF offers more support
because it is able to provide active protocol security. This
means the token returned by CardSpace can be cryptographically
tied to the channel between the user's client application
and the Web service endpoint. The token is bound to the channel
using a proof token. This is done by having a reference to
the proof token contained within the message returned by the
IP's STS, which also contains the issued token. Then the proof
token is used to prove that the user presenting the issued token
is the user that the token was meant for. This is a strong mitigation
for replay attacks.
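The proof-of-possession check described above, as an added example that is not from the book: a simplified Python model of a symmetric proof key, not the WS-Trust wire format. Assumptions: all names are hypothetical, the relying party re-derives the proof key from a secret it shares with the STS instead of decrypting a key carried inside the token, and a nonce cache stands in for the freshness that channel binding provides.

```python
import hashlib, hmac, json, os

# Constructed for this example: secret shared by the STS and the relying party (RP).
STS_RP_KEY = os.urandom(32)

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _raw(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True).encode()

def sts_issue(claims: dict):
    """STS response: the issued token plus the proof key handed to the client."""
    body = {"claims": claims, "key_id": os.urandom(16).hex()}
    token = {"body": body, "sts_mac": _mac(STS_RP_KEY, b"token" + _raw(body)).hex()}
    # Assumption: key derivation replaces the encrypted key a real token carries.
    proof_key = _mac(STS_RP_KEY, b"proof" + _raw(body))
    return token, proof_key

def client_request(token: dict, proof_key: bytes, action: str) -> dict:
    """Client signs each request with the proof key; the key itself is never sent."""
    nonce = os.urandom(16).hex()
    sig = _mac(proof_key, f"{nonce}|{action}".encode()).hex()
    return {"token": token, "nonce": nonce, "action": action, "sig": sig}

class RelyingParty:
    def __init__(self):
        self.seen_nonces = set()  # assumption: nonce cache provides freshness

    def accept(self, msg: dict) -> bool:
        body = msg["token"]["body"]
        token_mac = _mac(STS_RP_KEY, b"token" + _raw(body)).hex()
        if not hmac.compare_digest(token_mac, msg["token"]["sts_mac"]):
            return False  # token was not issued by the STS, or was altered
        proof_key = _mac(STS_RP_KEY, b"proof" + _raw(body))
        expected = _mac(proof_key, f"{msg['nonce']}|{msg['action']}".encode()).hex()
        if not hmac.compare_digest(expected, msg["sig"]):
            return False  # sender holds the token but not the proof key
        if msg["nonce"] in self.seen_nonces:
            return False  # byte-for-byte replay of a captured request
        self.seen_nonces.add(msg["nonce"])
        return True
```

A party that captures only the issued token cannot produce a valid signature for a new request, which is the difference from a bearer token.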
The characteristics of the proof token and how it is used can
vary based on the options provided. The interesting options are
the following:
A rich client has more configuration settings than a website
262 CardSpace Implementation
• KeyType. Used to specify that either a symmetric or an
asymmetric key should be used in the proof token.

