Figure 7-1 CardSpace shows the contents of the display token to the
user.

To allow users to roam, CardSpace enables them to export their cards
(Personal and Managed Cards) to a PIN-protected archive (a CRDS file),
which they can then copy to another computer and import into
CardSpace and have the cards work the same as on the original
computer.
An Organization's Identity
As an IP, an organization must maintain their identity, too. The
identity of the IP is asserted by the details in the SSL certificate
that is used to sign the tokens generated by the STS. In a standard
SSL certificate, usually only ownership of the site domain is
checked; other information, such as company name and location,
is not verified by the Certificate Authority (CA).
In 2007, the CAs began to provide Extended Validation (EV) SSL
certificates, which are issued to organizations that meet certain
criteria for proving their identity to the CA, including verification
of the physical office where the organization can be reached.
These certificates come at a premium price. Because the CA is
providing verified information about the IP in the certificate, the
RP should use the validated fields to track the identity of the IP.
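
One way an RP could track an IP by the CA-validated subject fields rather than by host name or by one particular certificate, as an added example that is not from the original text. It assumes the token signature and certificate chain were already verified and the certificate confirmed as EV, that O, L, ST and C are the fields tracked, and it uses constructed subject strings; hex escapes and multi-valued RDNs are not handled.

```python
import hashlib
import json

# Assumption: the CA-verified subject fields used as the IP's identity.
VALIDATED = ("O", "L", "ST", "C")

def split_rdns(dn):
    """Split a DN string on unescaped commas, removing backslash escapes."""
    parts, cur, esc = [], [], False
    for ch in dn:
        if esc:
            cur.append(ch)
            esc = False
        elif ch == "\\":
            esc = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return parts

def ip_identity(subject_dn):
    """Return a stable identifier built only from the validated fields."""
    attrs = {}
    for rdn in split_rdns(subject_dn):
        key, _, value = rdn.partition("=")
        attrs[key.strip().upper()] = " ".join(value.split())
    missing = [k for k in VALIDATED if not attrs.get(k)]
    if missing:  # e.g. a domain-validated certificate carrying only a CN
        raise ValueError(f"no validated value for {missing}")
    canonical = json.dumps([attrs[k] for k in VALIDATED])
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def same_ip(stored_id, presented_dn):
    """True when the presented subject maps to the identity stored at enrolment."""
    try:
        return ip_identity(presented_dn) == stored_id
    except ValueError:
        return False

# Constructed sample subjects (not taken from real certificates).
ENROLLED = "CN=sts.example.com, O=Example Bank\\, Inc., L=Seattle, ST=Washington, C=US"
RENEWED = "CN=login.example.com, O=Example Bank\\, Inc., L=Seattle, ST=Washington, C=US"
OTHER_ORG = "CN=sts.example.com, O=Example Bank Ltd, L=Seattle, ST=Washington, C=US"
DOMAIN_ONLY = "CN=sts.example.com"
```

The renewed certificate with a different host name still maps to the enrolled identity, while a matching host name with a different organization, or a subject with no validated fields, does not.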