A good RP will respect the
user??™s desire for privacy, but after a security token has
been delivered into the hands of the RP, the IP has no
control over that copy of the data. RPs may also be concerned
with their own privacy??”is the RP being tracked?
These factors affect the IP??™s decision to implement an
auditingor nonauditingSTS.
What Does an Identity Provider Have to Offer?
Are There Standard Claims That My Cards Must Contain?
CardSpace doesn??™t dictate which claims should be found in a token??”to allow
for uses of Information Cards that can??™t be envisioned yet, the designers opted to
enforce no minimum set. Each claim that appears in your card is under your direct
control
There is, however, a set of claims that have already gained momentum in the industry
??”the claims found in a Personal Card, which can be found in Chapter 3,
???Windows CardSpace,??? Table 3-1. Because the Personal Card claims are already
de?¬?ned, it??™s a good idea to use those claims when representing those particular
elements. Choose only the claims that you ?¬?nd valuable??”you are not
forced to include them all.
If your Managed Cards are intended to uniquely identify an individual, it is recommended
that you include the Private Personal Identi?¬?er (PPID) claim in your
Managed Card.
Pages:
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485