A ?¬?nal factor to consider when selecting an IP is their choice of
authentication level. Because all Managed Cards require the
user to authenticate to the STS, the IP chooses to support one or
more of these: Personal Information Card, X.509 certi?¬?cate (including
smartcards), Kerberos tokens (from a domain controller),
or just a username and password. An IP that chooses to support
authentication via a smartcard, for example, is providing strong
cryptographic proof about who that user is. On the other end of
the spectrum, a user authenticated via username and password
Retail stores share
data with their
suppliers
Some situations
require a particular
IP
CardSpace supports
four types of
authentication to
the STS
315
could be someone who has acquired the credentials of the user
either by deliberate sharing or by phraud. Potentially. By choosing
an IP that already employs strong authentication (such as
smartcards), an organization can get a higher assurance level,
with less cost and effort.
Relying on an IP
Shifting a business from a model where it stores all the information
of a customer itself into one where it can comfortably rely
on data provided by another party is a signi?¬?cant paradigm shift.
Pages:
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453