Whatever the case, at this point the website already has some
information about this user??”in this case, his ?¬?rst name??”and
can use that information to provide the user a better experience.
Putting CardSpace to Work
Figure 5-7 A user presents a card the website does not recognize.
288 Guidance for a Relying Party
Associating an Information Card with an Account
To associate the user??™s account with an Information Card, it is
necessary to prove ownership of the account. Two of the easiest
methods the website can use is the existing username and password
credentials and con?¬?rmation of the user??™s e-mail address,
previously stored with the website (see Figure 5-8).
Users opting for username and password authentication just
enter their credentials and have the card associated with their
account. The second method of authentication is to send users
an email message to the address in their card containing instructions
and a cryptographically generated code and have them
respond to that to prove they control that email address. A possible
web page that implements such a system would look
something like Figure 5-9.
Creating a New Account
Perhaps the most compelling use of Information Cards for a
commercial website is using cards to accelerate account signup.
Pages:
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422