In addition, if
the EV certi?¬?cate contains a logotype extension, it is critical that
the full URL of the logo points to the appropriate graphic and
continues to do so.
Make the certi?¬?cate private keys to the application available.
This is a signi?¬?cant change and one that is unlikely to be in
place before using Information Cards. Generally, cryptography
has been used for transport-level encryption only, and therefore
access to the private keys has not been granted to the web application
itself. To perform the message-level decryption of the
security tokens posted by the client, the private keys are
required. How you accomplish this is speci?¬?c to the platform on
which the application is hosted.
Database Changes
To accept Information Cards for authentication, additions to the
website??™s database are made to handle the data required for
authentication and account maintenance. To minimize the impact
of adding support for Information Cards, you should make
these changes in a way that does not require you to modify existing
tables, views, or procedures. The addition of a single
table, with a foreign key relationship to the existing index of
users, provides a fairly hands-off approach to existing data and
enables users to associate more than one card with their
accounts.
Pages:
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410