Linkage with CardSpace in Auditing Mode

Published: August 5, 2007, 9:05 pm

Tags: laws of identity, windows cardspace, user centric, information cards, identity metasystem, privacy, openid, minimal disclosure, linkage
As we said here, systems like SAML and OpenID work without any changes to the browser or client, which is good. But they depend on the relying party and identity provider to completely control the movement of information, and this turns out to be bad. Why? Well, for one thing, if the user lands at an evil site it can take complete control of the client (let’s call this “extreme phishing”) and trick the user into a lot of evil. Let's review why this is the case. Redirection protocols have two legs. In the first, the relying party sends the user's browser to the identity provider with a request. Then the identity provider sends the browser back to the relying party with a response. Either one can convince the user it’s doing one thing while actually doing the opposite. It's clear that with this protocol, the user's system is passive. Services are active parties while the browser does what it is told. Moreover, the services know [ Full article ]
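The two legs described above, as an added model that is not part of the original post: a passive browser that carries whatever the relying party and identity provider hand it, beside an active client that makes a consent decision per claim before anything is released. The origins, claim names and the consent policy are constructed for the example; the point it makes visible is that in the redirect flow the user agent neither sees nor decides which claims move, and the identity provider learns the relying party's return address from the request it carries.

```python
"""Toy model of a two-leg redirection protocol versus a client-mediated one.
All parties, origins and claims below are constructed for illustration."""
from dataclasses import dataclass, field
from typing import Callable, List
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed sample identity held at the identity provider.
USER_CLAIMS = {"email": "alice@example.test", "name": "Alice Example", "dob": "1980-01-01"}


class RelyingParty:
    """Hypothetical service that wants claims about the user."""
    def __init__(self, origin, wanted):
        self.origin = origin
        self.wanted = wanted      # the RP alone decides what to ask for
        self.received = None

    def login_redirect(self, idp_origin):
        # Leg 1: the RP composes the request; the browser merely carries it.
        return idp_origin + "/auth?" + urlencode(
            {"return_to": self.origin + "/finish", "claims": ",".join(self.wanted)})

    def finish(self, claims):
        self.received = claims
        return claims


class IdentityProvider:
    """Hypothetical service that holds the user's claims."""
    def __init__(self, origin, claims):
        self.origin = origin
        self.claims = claims
        self.seen_return_to = []  # what the IdP learns about where the user came from

    def handle(self, request_url):
        q = parse_qs(urlparse(request_url).query)
        self.seen_return_to.append(q["return_to"][0])
        # Leg 2: the IdP alone decides what to release, then points the browser back.
        released = {c: self.claims[c] for c in q["claims"][0].split(",") if c in self.claims}
        return q["return_to"][0] + "?" + urlencode(released)

    def issue(self, approved):
        # Client-mediated path: the IdP sees only the claim names the user agent approved.
        return {c: self.claims[c] for c in approved if c in self.claims}


@dataclass
class PassiveBrowser:
    """Redirect-protocol user agent: follows every location it is given, no questions asked."""
    log: List[str] = field(default_factory=list)

    def follow(self, url):
        self.log.append(url)
        return url


@dataclass
class ActiveClient:
    """Client-mediated user agent: each claim release needs a consent decision."""
    allow: Callable[[str, str], bool]
    log: List[str] = field(default_factory=list)

    def mediate(self, rp, idp):
        approved = [c for c in rp.wanted if self.allow(rp.origin, c)]
        self.log.append(f"approved {approved} for {rp.origin}")
        return rp.finish(idp.issue(approved))


def run_redirect_flow(rp, idp, browser):
    """Drive both legs through a passive browser and return what the RP ends up with."""
    leg1 = browser.follow(rp.login_redirect(idp.origin))
    leg2 = browser.follow(idp.handle(leg1))
    claims = {k: v[0] for k, v in parse_qs(urlparse(leg2).query).items()}
    return rp.finish(claims)


if __name__ == "__main__":
    idp = IdentityProvider("https://idp.example.test", USER_CLAIMS)
    rp = RelyingParty("https://shop.example.test", ["email", "name"])
    browser = PassiveBrowser()
    print("redirect flow gave RP:", run_redirect_flow(rp, idp, browser))
    print("browser carried:", browser.log)
    print("IdP learned RP return address:", idp.seen_return_to)
    client = ActiveClient(allow=lambda origin, claim: claim == "email")
    print("mediated flow gave RP:", client.mediate(rp, idp))
    print("client decisions:", client.log)
```

In the redirect flow every claim the relying party named arrives, the browser's log shows it only relayed two URLs, and the identity provider has recorded the relying party's return address. In the mediated flow the same request yields only the claim the client's policy approved, because the release decision sits in the user's system rather than in either service.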