Tuesday, July 08, 2008

Relying Party Best Practices

Some days ago I went to a kiosk to buy some ice cream for me and my family. I ordered four cones with one scoop of chocolate ice cream each. When I received the first cone I found a huge pile of chocolate ice cream on the cone. I reminded the seller that I had ordered only one scoop and got the answer that this mountain of at least five scoops was _one_ scoop. Hm.

The relying party now has a problem. Its subsystems (kids) already saw the offered claims, so there is now no way to plainly reject the token. On the other hand, the RP knows that the subsystems (4 5/12 and 5 11/12 years old) cannot handle this token without maintenance afterwards. The RP rejects the tokens and asks the issuer to resend them in another format (cup and spoon) without changing the claim's value.

I don't want to stretch this too much but I think that it is not easy to write a best practices paper that is valuable for all RPs. I would have rejected this token because no part of the RP wants to handle strawberry claims.
