That wasn??™t part of the deal!
The trick is that the privacy policy only tells us what the company is promising,
not necessarily what they will do. Letting the cat out of the bag turns out to be a
whole lot easier than putting it back in. Once released, this data is virtually indestructible
??”copies can be made in seconds, and the only recourse the customer
has is through the courts. Customers vote with their pocketbooks and may
seek out your competitor if they feel their privacy is at risk.
340 Identity Providers
Roaming with Information Cards
A signi?¬?cant percentage of users use more than one computer??”
often one at work and another at home. While a user can import
the same Managed Information Card on multiple computers and
use it in multiple places, there is one side effect when doing so:
a Managed Information Card that is used with a nonauditing STS
(where the IP doesn??™t request the identity of the RP). CardSpace
generates a new master key for that card when it is imported.
The master key is used to generate a unique identi?¬?er (per the
RP site) that can be passed to the RP, so that the RP identi?¬?es a
return visitor. Because the master key is generated at import
time, each computer passes a different unique identi?¬?er to the
RP, making the RP believe the user is not the same as one using
the same card imported on another computer.
Pages:
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489