
Vittorio Bertocci, Garrett Serack, Caleb Baker

"Understanding Windows CardSpace: An Introduction to the Concepts and Challenges of Digital Identities"


In an EV certificate, the subject name contains OLSC fields: Organization, Location, State, and Country. Relying on these fields to recognize the certificate allows the organization to renew or replace the EV SSL certificate with one from any CA, without having to explicitly notify the RPs.

The IP also has the opportunity to express their identity (and provide brand recognition) by embedding an image into the Managed Card, which is displayed in the CardSpace Identity Selector. Figure 7-2 shows an example of a branded Managed Card.

An Organization's Identity

Margin note: The certificate path is the chain of certificates back to the root.

342 Identity Providers
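The renewal point above is easy to see in code: an RP that pins the IP's certificate fingerprint breaks the moment the IP renews, while an RP that recognizes the IP by the OLSC fields of its chain-validated EV certificate keeps working across renewals and CA changes. The following is an added example, not code from the book; it builds constructed sample certificates in the shape the Python `ssl` module's `SSLSocket.getpeercert()` returns (the `"der"` field and all subject values are constructed placeholders), and assumes the TLS stack has already validated the chain to a trusted root and the CA's EV policy, which is not shown here.

```python
import hashlib

# Subject attributes that make up the OLSC set (Organization, Location,
# State, Country), named as Python's ssl module names them in the dict
# returned by SSLSocket.getpeercert().
OLSC_KEYS = ("organizationName", "localityName", "stateOrProvinceName", "countryName")


def subject_to_dict(subject):
    """Flatten a getpeercert()-style subject, a tuple of RDNs where each RDN is a
    tuple of (attribute, value) pairs, into a dict keyed by attribute name."""
    flat = {}
    for rdn in subject:
        for attribute, value in rdn:
            flat.setdefault(attribute, value)  # keep the first value if an attribute repeats
    return flat


def olsc_of(cert):
    """Return the (O, L, ST, C) tuple of a certificate; None marks a missing field."""
    subject = subject_to_dict(cert["subject"])
    return tuple(subject.get(key) for key in OLSC_KEYS)


def fingerprint_of(cert):
    """SHA-256 thumbprint over the DER encoding (constructed bytes in this example)."""
    return hashlib.sha256(cert["der"]).hexdigest()


def pinned_match(cert, registered_fingerprint):
    """Thumbprint pinning: only the exact certificate the RP stored is accepted."""
    return fingerprint_of(cert) == registered_fingerprint


def olsc_match(cert, registered_olsc):
    """OLSC recognition: accept any chain-validated EV certificate whose four OLSC
    fields equal the ones the RP registered. A certificate missing any of the
    four (a DV certificate carries only a CN) is rejected outright."""
    fields = olsc_of(cert)
    if any(field is None for field in fields):
        return False
    return fields == tuple(registered_olsc)


def make_cert(issuer_cn, serial, org, der):
    """Build a constructed sample certificate in getpeercert() dict shape."""
    return {
        "subject": (
            (("countryName", "US"),),
            (("stateOrProvinceName", "Washington"),),
            (("localityName", "Redmond"),),
            (("organizationName", org),),
            (("commonName", "login.example-ip.test"),),
        ),
        "issuer": ((("commonName", issuer_cn),),),
        "serialNumber": serial,
        "der": der,  # placeholder bytes standing in for the real DER encoding
    }


# Constructed samples: the IP's original certificate, its renewal from a
# different CA, a certificate for a different organization, and a DV certificate.
ORIGINAL_CERT = make_cert("Constructed CA A", "01", "Example IP Inc.", b"constructed-der-1")
RENEWED_CERT = make_cert("Constructed CA B", "02", "Example IP Inc.", b"constructed-der-2")
OTHER_ORG_CERT = make_cert("Constructed CA B", "03", "Other Org LLC", b"constructed-der-3")
DV_CERT = {
    "subject": ((("commonName", "login.example-ip.test"),),),
    "issuer": ((("commonName", "Constructed CA B"),),),
    "serialNumber": "04",
    "der": b"constructed-der-4",
}

# What the RP stored when the IP first registered.
REGISTERED_OLSC = ("Example IP Inc.", "Redmond", "Washington", "US")
REGISTERED_FINGERPRINT = fingerprint_of(ORIGINAL_CERT)


def compare_strategies():
    """Recognition result per certificate for both strategies."""
    certs = {"original": ORIGINAL_CERT, "renewed": RENEWED_CERT,
             "other_org": OTHER_ORG_CERT, "dv": DV_CERT}
    return {name: {"pinned": pinned_match(c, REGISTERED_FINGERPRINT),
                   "olsc": olsc_match(c, REGISTERED_OLSC)}
            for name, c in certs.items()}


if __name__ == "__main__":
    for name, result in compare_strategies().items():
        print(f"{name:10s} pinned={result['pinned']!s:5s} olsc={result['olsc']}")
```

Only the renewed certificate separates the two strategies: pinning rejects it, OLSC recognition accepts it, and both reject the other organization and the DV certificate. The OLSC comparison is meaningful only because an EV CA has verified those four fields before issuing, so it must run after chain validation, never instead of it.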
Summary
The role of the identity provider is pivotal for the entire Identity Metasystem model. Many businesses and authorities are well suited to expanding their online operations and becoming identity providers. In this chapter we enumerated some of the considerations and requirements that should be taken into account while planning an IP.
Figure 7-2 Importing a Managed Card branded with a corporate logo
Index
343
A
accepting
    Managed Cards at websites, 244-246
    Personal Cards at websites, 243-244
Access Denied errors, 236
accessibility, 283
accounts
    associating Information Cards with, 288
    creating, 288-291
    maintenance, 297
    recovering, 291-293
Active Directory Federation Services (ADFS), 327
ad hoc connections to services, 329
addresses
    MEX addresses, 201
    WS-Addressing, 144
ADFS (Active Directory Federation Services), 327
age-restricted markets, 332
airline mileage cards, 311
algorithms, asymmetric key, 39-41
applications, connecting to, 330
AreCardsSupported() function, 279-282
Argument Error, 236
asset virtualization, 10-16
associating Information Cards with accounts, 288
assuming consent, 324-325
asymmetric key algorithms, 39-41
attacks
    brute-force attacks, 39
    information-entering phase, 17-20
    information-processing phase, 24-26
    information-storing phase, 24-26, 131
    information-transfer phase, 21-24
    man-in-the-middle attacks, 22-24
    phishing
        CardSpace and, 180
        definition, 18
        growth of, 19-20
        step-by-step process, 18-19
        targeted phishing, 19
    SQL injection, 26
AudienceRestrictionCondition (SAML), 241, 246-247
auditing IPs, 246-247
authentication
    alternative security measures, 293-294
    authentication levels (IPs), 314-315
    brokered trust, 134-136, 161
    canonical scenario, 132-134, 159-161
    CardSpace
        AreCardsSupported() function, 279-283
        CardsNotSupported class, 281-282
        CardsSupported class, 281-282
        Don't Have Your Card? link, 283
        overview, 277-278
        Remember Me Next Time check box, 283
        Sign In with Your Information Card button, 283
        training users to look for Information Card sign-in, 285
        What Is This? link, 283
    certificate-based client authentication
        corporate smartcards and intranet certificates, 60-62
        eIDs (electronic IDs), 65-69
        overview, 60
        SSL (secure sockets layer), 62-65
    challenges of transporting credentials, 79-84
    extended authentication, 272
    HTTPS, 52-57
    hybrid authentication, 275
    issued token-based authentication
        definition, 70
        Kerberos, 72-76
        overview, 69-71
        SAML (Security Assertion Markup Language), 76-79
    Managed Cards, 197-198
    multifactor authentication, 334
    overview, 57-59
    password authentication, 31, 289
    providing strong authentication to RPs, 333
    server authentication
        challenges, 35-36
        overview, 38
    simple authentication, 272
AuthenticationContext WCF object, 260
authorization.

