On one hand, an organization can enjoy the bene?¬?ts of having
access to important data about an individual when they are
interacting with that person, perhaps even pieces of data the
organization never had the opportunity to have before, and with
possibly greater con?¬?dence. Add to that the reduced resources
required and lower liability involved when not storing that information,
and relying on an IP becomes very attractive.
Making the business connection with the IP is the price to pay
for these bene?¬?ts. The agreement between the IP and the RP
range from casual in nature (the RP accepts identities from any
IP who supports the claims required, validated or not) to a preselected
IP or set of IPs that provides validated claims for a speci
?¬?c purpose. Reaching an agreement with the IP involves more
than just terms of service. Potentially it could include the involvement
(or creation) of an industry standards association or
committee to standardize claims and token formats.
On the other hand, in the event that the IP is using a nonauditing
STS, and the content and format of the token it produces are
acceptable, there might be no need for an agreement at all, provided
that the terms of service of the IP are acceptable and adhered
to.
Pages:
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454