EV certificates are available from most certificate authorities.
SSL certificate private keys are normally not used by an application.
Support for Information Cards can be added to any database.
The data for Information Card support includes the following:

UniqueID. Depending on the specific implementation, this is either an auto-generated index value or a unique identifier generated as a result of the token processing. In many implementations, it is generated as a hash of the PPID and the issuer's identity (RSA public key).

UserID. The existing account identifier that can be used as a foreign key to the InformationCards table.

PPID. The PPID (Private Personal Identifier) claim from the token. This is different from the site-specific ID that the user sees in the Identity Selector (see the sidebar "The Site-Specific ID").

IssuerID. Storing the identity of the issuer is optional. This is valuable in situations where the websites accept Managed Information Cards and may need to update the UniqueID if the IP changes its certificate keypair. This could also be implemented as a foreign key to a database of issuer identities.
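The following is an added example, not code from the book, showing how a relying party can derive the UniqueID as a hash of the PPID and the issuer's public key, store it in the two-table schema described above, resolve a presented token to a UserID at sign-in, and use the stored IssuerID to recompute UniqueIDs when a managed-card issuer changes its keypair. The exact hash construction (SHA-256 over length-prefixed fields) and the table definitions are assumptions made for this example.

```python
import hashlib
import sqlite3

def unique_id(ppid: str, issuer_key: bytes) -> str:
    # Hash the PPID together with the issuer's public key. Length prefixes keep
    # the two fields from running into each other (assumed construction).
    h = hashlib.sha256()
    for field in (ppid.encode("utf-8"), issuer_key):
        h.update(len(field).to_bytes(4, "big") + field)
    return h.hexdigest()

def issuer_id(issuer_key: bytes) -> str:
    # Stable identifier for the issuer itself: a hash of its public key.
    return hashlib.sha256(issuer_key).hexdigest()

def open_db() -> sqlite3.Connection:
    # In-memory copy of the two tables described in the text (assumed DDL).
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Users (UserID INTEGER PRIMARY KEY, FirstName TEXT,
                            LastName TEXT, EmailAddress TEXT);
        CREATE TABLE InformationCards (
            UniqueID TEXT PRIMARY KEY,
            UserID   INTEGER NOT NULL REFERENCES Users(UserID),
            PPID     TEXT NOT NULL,
            IssuerID TEXT);""")
    return db

def associate_card(db, user_id: int, ppid: str, issuer_key: bytes) -> str:
    # Link a card to an existing account; the PPID is stored but never shown.
    uid = unique_id(ppid, issuer_key)
    db.execute("INSERT INTO InformationCards VALUES (?, ?, ?, ?)",
               (uid, user_id, ppid, issuer_id(issuer_key)))
    return uid

def lookup_user(db, ppid: str, issuer_key: bytes):
    # Sign-in: recompute the UniqueID from the presented token, find the account.
    row = db.execute("SELECT UserID FROM InformationCards WHERE UniqueID = ?",
                     (unique_id(ppid, issuer_key),)).fetchone()
    return row[0] if row else None

def issuer_rekeyed(db, old_key: bytes, new_key: bytes) -> int:
    # A managed-card issuer changed its keypair: the stored IssuerID finds the
    # affected rows so their UniqueIDs can be recomputed under the new key.
    rows = db.execute("SELECT UniqueID, PPID FROM InformationCards WHERE IssuerID = ?",
                      (issuer_id(old_key),)).fetchall()
    for old_uid, ppid in rows:
        db.execute("UPDATE InformationCards SET UniqueID = ?, IssuerID = ? WHERE UniqueID = ?",
                   (unique_id(ppid, new_key), issuer_id(new_key), old_uid))
    return len(rows)
```

Without the IssuerID column, a key rotation at the issuer would leave every affected row unreachable, since the recomputed UniqueID would no longer match anything in the table.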
Examining the Authentication Experience
For authentication on websites today, some elements are nearly identical on most sites (for example, two entry fields and a button), but some elements are less common but are often found in one form or another (a check box for Remember Me, for instance, and a link for Forgot Your Password?).

Figure 5-1 A typical database schema for a site to support Information Cards: an InformationCards table (PK UniqueID; FK1 UserID; PPID; IssuerID) and a Users table (PK UserID; FirstName; LastName; EmailAddress), linked by UserID.

The user never sees the PPID directly in CardSpace.