Can anyone tell me if the link to a site’s privacy statement from the ‘First time at a site’ CardSpace screen (picture below) can be set by relying parties who don’t have an EV certificate? Finding documentation on this feature is ugly, since most Microsoft -based pages have a link at the bottom of the page entitled ‘privacy statement’ (referring to the site policy) — which horribly dilutes the search pool.
Update: see the comments for the answer to my question (thanks Mark)
Here’s what I know. The ‘first time’ screen can be shown to a user for (at least) four reasons:
- It really is the first time that CardSpace has seen the site.
- If the user selects the “learn more about this site link” during regular use.
- Any of the certificate details for that site change.
- If “The site states that it has changed its privacy statement” (reference here).
It is worth finding out, because if you as a site owner don’t have anything behind that privacy statement link, a user who clicks on the link will be told:
The site has declined to provide a privacy statement.
I hope there is a way for us peasant-cert types to populate the link – I can’t say that I’m excited about having my (potential) users thinking that I have declined to provide a privacy statement if the case happens to be that I am in reality unable to provide a privacy statement.
Thanks in advance to anyone who can help with this :)