325 Uncovering the Rationale for Becoming an Identity Provider
Sometimes, consent is not simply releasing information to the application, but
actively deciding something: users may be asked to explicitly authorize a particular
operation as an official of the company. Examples include authorizing
the release of funds for a project, issuing a press release, or approving a new
hire. Users inside a company could have several Information Cards that represent
them in different capacities in their jobs. Different cards could have different
levels of authentication backing them: a card used to authorize the
purchase of office supplies could sensibly be backed with a Kerberos token
gained from authenticating with the domain, whereas a card that is used to authorize
a billion-dollar trade may require the use of a smartcard and PIN. In this
way, CardSpace enhances the business application by defining the moment of
consent, granting the user an understanding of the gravity of the operation.
Architects are best serving their customers by asking, "What trust boundary is
crossed?" and "When did the user give consent?" These types of questions often
reveal insight into how to use Information Cards to interact with the user when
inside an enterprise.