7.7 Passport and the privacy of user information


Tightly intertangled with the ubiquity of the World Wide Web is the problem of universal distribution of personal information. The latter is better known as the privacy problem. Microsoft understands the importance of addressing privacy issues effectively in order to win universal acceptance for its Passport Single Sign-On technology. Among the Microsoft privacy- related initiatives are its support for the TRUSTe initiative (http://www.truste.org), the W3C’s P3P initiative, and the inclusion of privacy- related features in its latest software products (including the latest Passport versions). To read Microsoft’s general privacy statement, go to http://www.microsoft.com/info/privacy.htm. To read the Passport-specific privacy statement, go to http://www.passport.com/consumer/privacypolicy.asp.

From Passport version 2.0 forward, a Passport user can easily modify the content of his or her Passport user profile and decide which data he or she wants to share with other participating Web sites during a Passport logon session. To do so in Windows XP, select “Change my .NET Passport” and then “Change Passport Attributes” from the Control Panel “User Account” applet. The latter actions will set up a connection with the Passport domain authority server and bring up the “Edit your .NET Passport Profile” dialog box shown in Figure 7.9.

click to expand
Figure 7.9: The “Edit your .NET Passport profile” dialog box.

Another important privacy-related technology you can use when you are worried about how a Passport-enabled Web site deals with your personal information is Internet Explorer 6.0’s built-in P3P support. The Platform for Privacy Preferences (P3P) is a project driven by the World Wide Web Consortium (W3C). It is a combined protocol and architecture designed to inform World Wide Web users about the data-collection practices of Web sites. More information about P3P is available from http://www.w3.org/P3P.

To check a Web site’s P3P privacy report in Internet Explorer 6.0, select View\Privacy Report… from the menu, then select a Web site’s URL and click Summary (as illustrated in Figure 7.10 for the MoneyCentral home- page). Currently, IE does not allow you to validate the local IE P3P policy against a Web site’s P3P policy.

click to expand
Figure 7.10: Checking out a site’s P3P privacy report in Internet Explorer 6.0.




Windows Server 2003 Security Infrastructures. Core Security Features of Windows. NET
Windows Server 2003 Security Infrastructures: Core Security Features (HP Technologies)
ISBN: 1555582834
EAN: 2147483647
Year: 2003
Pages: 137
Authors: Jan De Clercq

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net