Chapter 6, "Identity
Consumers," examined IPs as a reflection of real-life IPs, which
is helpful in selecting a provider. This section is an examination
of the business reasons why an organization should choose to
manage identities, regardless of whether the organization is
satisfying their own needs or enlisting external RPs to accept
their identities.
There are clear
business reasons for
becoming an IP
Perspective: Crossing a Trust Boundary and Assuming
Consent
Customers building enterprise applications that are available only inside of a
corporate network often inquire as to how they should use CardSpace in the
construction of these programs. Although this type of software can leverage the
same benefits from claims-based programming as applications used on the
Internet, they generally don't cross a trust boundary; they are used exclusively
in the same environment where users are already trusted. Generally, inside the
corporate network, users have already authenticated to gain access to internal
resources, and adding an additional layer of authentication only increases
their frustration. An application can still be built to validate access
by getting claims from a token via a Security Token Service (STS), but that
doesn't require explicit user consent: one can assume that users have granted
consent to validating their roles or memberships by logging in to the corporate
domain.