{"id":895,"date":"2007-11-19T22:56:47","date_gmt":"2007-11-20T06:56:47","guid":{"rendered":"\/?p=895"},"modified":"2007-11-19T23:11:19","modified_gmt":"2007-11-20T07:11:19","slug":"hunky-dory","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=895","title":{"rendered":"Hunky-Dory"},"content":{"rendered":"

\u00a0Paul Madsen at ConnectID writes<\/a>:<\/p>\n

Kim defends<\/font><\/a> CardSpace on the issue of the Display Token.<\/p>\n

Personally, I think it's a UI issue. The concern would be mitigated if the identity selector were to simply preface the display token with a caveat:<\/p>\n

The following attributes are what the IDP claims to be sending. If you do not trust your IdP, do not click on “Send”.<\/span><\/p><\/blockquote>\n

<\/span>If the UI doesn't misrepresent the reality of what the DisplayToken is (and isn't), then we're hunky-dory<\/font><\/a>.<\/p>\n

And of course, CardSpace is not the only WS-Trust based identity selector in town. The other selectors are presumably under no constraints to deal with DisplayToken in the same way as does CardSpace?\u00a0<\/p><\/blockquote>\n

Paul has a good point and I buy the “general idea”.\u00a0 I guess my question would be, should\u00a0this\u00a0warning be presented each time an Information Card is used, or just when\u00a0making the initial decision to depend on a new card?\u00a0<\/p>\n

I think the answer should come from\u00a0“user studies”:\u00a0 let's find out what approach is more effective.\u00a0\u00a0I hear a lot of\u00a0user interface experts telling us to reduce user communication to what is\u00a0essential at any specific point in time so that what is\u00a0communicated is effectively conveyed.<\/p>\n

Despite this notion,\u00a0identity providers should be held accountable for ensuring that the contents of information tokens correspond to the contents of their associated display tokens.\u00a0 This should be mandated in the digital world.<\/p>\n

By the way, I\u00a0love Paul's recollection of the word\u00a0“Hunky-Dory”.\u00a0 He gives a nice reference<\/a>.\u00a0 Funny – I always thought it referred to a “certain beverage<\/a>“.<\/p>\n","protected":false},"excerpt":{"rendered":"

If the UI doesn't misrepresent the reality of what the DisplayToken is (and isn't), then we're hunky-dory.<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[17,46,7,4],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/895"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=895"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/895\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=895"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=895"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=895"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}