Although Microsoft Passport
is used mostly for Microsoft properties, the service handles a
billion authentications a day, and going of?¬‚ine for an hour
would see over 40 million authentication requests unanswered.
It is a certainty that at least some of those users wanted to do
somethingthey believed was important.
The quoted accuracy of the data the IP exposes to the RP is important
to discuss. Whereas a real estate website that accepts
identities from an IP that fails to validate the date-of-birth claim
in their tokens is not likely to suffer, the same cannot be said for
social networking sites, where there is the constant desire to
keep children out of the hands of online predators. When an
organization considers the importance of data accuracy, each
claim must be evaluated, and both parties should agree about
the level of accuracy required and the repercussions of errors in
accuracy.
In some situations, the IP, as the owner of the data they provide,
declares certain data to be not stored or republished by the RP.
Again, this should be handled on a claim-by-claim basis; if the
RP even records the user??™s name in a log, and the agreement
prohibits it in a blanket fashion, the RP could unintentionally
?¬?nd itself in violation of contract very quickly.
Pages:
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460