Providing Strong Authentication to Relying Parties
An IP that issues Managed Information Cards with a strong authentication
factor (such as a smartcard) grants the benefits of
the strong authentication to the RP, without the RP having to
have the resources to manage such strong authentication.
Imagine a company-issued, smartcard-backed Information Card
that a merchant website could accept: using the token from the
company's STS, the merchant gains the confidence that the user
is a legitimate representative from the company but doesn't have
to issue smartcard readers and cards to all the users accessing its
system.
It is worth noting that when the Managed Card file (a .crd file) is
created, the card contains a user credential element, which is
used to describe how the user can authenticate to the STS. In
the case of cards using X.509 certificates (smartcards) or a
Personal Card for authentication, the card file must have data
embedded into it at creation time (some metadata that references
the certificate or Personal Card), which means the credential
must be available at the time the card is provisioned.
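As an added illustration (not from the book), the following Python example reads the user credential element of a card and reports whether the card carries the embedded reference that certificate-backed and Personal Card-backed cards need at creation time. The element names follow the Identity Selector Interoperability Profile; the helper names and the trimmed card fragments are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Namespaces used by the Information Card schema (Identity Selector
# Interoperability Profile); all other names here are constructed.
NS = {
    "ic": "http://schemas.xmlsoap.org/ws/2005/05/identity",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
}
IC = "{%s}" % NS["ic"]

# Credential type -> path of the reference embedded at card creation time
# (None: nothing has to exist yet when the card is provisioned).
EMBEDDED_REF = {
    "UsernamePasswordCredential": None,
    "KerberosV5Credential": None,
    "X509V3Credential": "ds:X509Data/wsse:KeyIdentifier",    # cert thumbprint
    "SelfIssuedCredential": "ic:PrivatePersonalIdentifier",  # Personal Card
}

def audit_card(xml_text):
    """Return one finding per UserCredential element found in the card."""
    findings = []
    # Card files are untrusted input; outside a demo, use a hardened XML parser.
    for cred in ET.fromstring(xml_text).iter(IC + "UserCredential"):
        kinds = [c for c in cred
                 if c.tag.startswith(IC) and c.tag[len(IC):] in EMBEDDED_REF]
        if len(kinds) != 1:  # the schema allows exactly one credential type
            findings.append({"kind": None, "ok": False})
            continue
        kind = kinds[0].tag[len(IC):]
        path = EMBEDDED_REF[kind]
        ref = kinds[0].findtext(path, "", NS).strip() if path else None
        findings.append({"kind": kind, "reference": ref,
                         "needs_credential_at_issuance": path is not None,
                         "ok": path is None or bool(ref)})
    return findings

def card(credential_xml):
    """Build a trimmed, constructed card fragment around one credential."""
    return ('<ic:InformationCard xmlns:ic="%s" xmlns:ds="%s" xmlns:wsse="%s">'
            '<ic:TokenServiceList><ic:TokenService><ic:UserCredential>%s'
            '</ic:UserCredential></ic:TokenService></ic:TokenServiceList>'
            '</ic:InformationCard>') % (NS["ic"], NS["ds"], NS["wsse"], credential_xml)

SMARTCARD = card('<ic:X509V3Credential><ds:X509Data><wsse:KeyIdentifier>'
                 'Q09OU1RSVUNURUQ=</wsse:KeyIdentifier></ds:X509Data></ic:X509V3Credential>')
UNBOUND = card('<ic:X509V3Credential><ds:X509Data/></ic:X509V3Credential>')
PASSWORD = card('<ic:UsernamePasswordCredential><ic:Username>alice</ic:Username>'
                '</ic:UsernamePasswordCredential>')
```

A card like UNBOUND, which names a certificate credential but embeds no reference to one, is the provisioning mistake the paragraph above warns about: it can only be issued correctly once the certificate already exists.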
Uncovering the Rationale for Becoming an Identity Provider
Although CardSpace cannot yet manage payments directly, cards can be used to transmit credit card information and utilize the current credit card processing system.
RPs can have the benefits of strong authentication without having to provide the resources to manage it when they use an IP that issues Managed Information Cards based on strong authentication.
334 Identity Providers
What Does an Identity Provider Have to Offer?
In Chapter 6, the section "Criteria for Selecting an Identity
Provider" examined the elements that an RP is looking for when
selecting an IP.