Although the
focus is weighted toward the usage of Personal Cards, many of
the principles can be applied to scenarios where Managed
Cards are used, too.
Users expect
interfaces to be
consistent
Preparation
To accept Information Cards, the server environment must be
configured correctly. Websites may have addressed some or all of
these issues already; but when working with security tokens,
these become critical for success.
Ensure that the server is set to the correct time. Security tokens
are time stamped, and with greater control over the accuracy of
the timekeeping of the server, the window for accepting tokens
can be narrowed, limiting the opportunity for token replay and
man-in-the-middle attacks.
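The acceptance-window check described above, as an added example that is not from the book: a relying party accepts a token only inside its stamped validity period plus an allowed clock skew, and remembers token IDs so that a copy presented again inside the window is refused. The class name, skew values, token IDs and timestamps are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

class TokenWindowValidator:
    """Hypothetical RP-side check: accept a token once, inside its window plus skew."""

    def __init__(self, max_skew):
        self.max_skew = max_skew   # how far the RP clock is allowed to be off
        self._seen = {}            # token id -> time after which it can be forgotten

    def check(self, token_id, not_before, not_on_or_after, now=None):
        now = now or datetime.now(timezone.utc)
        # Drop ids whose tokens would fail the expiry check anyway.
        self._seen = {t: exp for t, exp in self._seen.items() if exp > now}
        if not_on_or_after <= not_before:
            return "rejected: malformed window"
        if now + self.max_skew < not_before:
            return "rejected: not yet valid"
        if now - self.max_skew >= not_on_or_after:
            return "rejected: expired"
        if token_id in self._seen:
            return "rejected: replay"
        self._seen[token_id] = not_on_or_after + self.max_skew
        return "accepted"

def demo():
    # Constructed token: valid for five minutes from a fixed issue time.
    issued = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    expires = issued + timedelta(minutes=5)
    tight = TokenWindowValidator(timedelta(seconds=30))   # well-synchronised server
    loose = TokenWindowValidator(timedelta(minutes=10))   # server with a sloppy clock
    late = expires + timedelta(minutes=4)                 # captured token presented late
    return [
        tight.check("id-1", issued, expires, issued + timedelta(seconds=5)),
        tight.check("id-1", issued, expires, issued + timedelta(seconds=20)),
        tight.check("id-2", issued, expires, late),
        loose.check("id-2", issued, expires, late),
    ]

if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The last two results show the point of the paragraph: the same late token is refused by the server that can afford a 30-second skew and accepted by the one that must tolerate 10 minutes.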
An SSL certificate becomes more than a simple requirement for
HTTPS encryption. The certificate represents the identity of the
RP, as assured by the certificate authority. The RP should ensure
that the SSL certificate contains up-to-date and correct data and
that the certificate authority is viewed as trustworthy.
Putting CardSpace to Work
Perspective: An Era of Hybrid Authentication
In labs, samples, and test sites, it is easy to build a website that relies entirely on
Information Cards.