I feel that the focus of Windows CardSpace changed from providing claims to being a mere login mechanism with claims dangling behind it.
Are relying parties really using the provided claims? Will relying parties use the provided claims in the future?
I think that enabling the user to control the claims provides a way to get rid of most of the user management at the RP.
No more "Edit your profile" webpages which are different from site to site.
Just edit your information card and use it. All sites will get the new updated information about you.
But what if the RP needs more/different claims than the standard self-issued ones? Today we would need to introduce an identity provider that issues managed cards with that set of claims.
Why are we not extending the self-issued token server to serve any set of claims?
The user would still be in control of his claims.