Such a key is encrypted with Alice's own key,
so man-in-the-middle attacks would be ineffective.
Actually, all subsequent communications from Alice
will target a component of the KDC, the ticket granting
service (TGS). You can think of the TGS as the
authority that can issue security tokens (that is, tickets
in Kerberos terms).
The same symmetric session key, this time encrypted
with the key of the TGS. This specific data fragment
is a ticket, a token that can be used for talking with a
service. Because the service for which this ticket is
intended is the TGS itself, we call this special token
a ticket granting ticket (TGT). Because the TGT is
encrypted for the TGS, Alice (or anybody else) will
not be able to see its content; she just has to
keep it somewhere and attach it in future conversations.
Understanding the role of the TGT is easy. Imagine that
Alice is entering a theme park. As she enters the facility,
she pays for an all-day ticket that allows her to take
many rides through the day without paying more. This is
her TGT. Every time she wants to go on a certain ride,
she will go to the line at the local ride ticket counter.
When she reaches the cashier, she will just have to wave
the TGT to get the ticket for the ride she is about to embark
on.
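
The two encrypted copies of the session key described above, as an added sketch that is not code from the book: one copy sealed under Alice's key, one sealed inside a TGT under the TGS key. The cipher is a standard-library stand-in rather than a real Kerberos encryption type, and the keys, ticket fields and function names are assumptions made for illustration.

```python
import hashlib, hmac, json, os

def _sub(key, label):
    # Separate encryption and MAC subkeys derived from one long-term key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode as a keystream (stand-in cipher, not a Kerberos enctype).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(_sub(key, b"enc"), nonce, len(plaintext))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified data")
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

def as_reply(client, alice_key, tgs_key):
    # KDC side: one fresh session key, wrapped twice.
    session_key = os.urandom(32)
    for_alice = seal(alice_key, session_key)
    ticket = {"client": client, "session_key": session_key.hex()}  # simplified ticket body (assumption)
    tgt = seal(tgs_key, json.dumps(ticket).encode())
    return for_alice, tgt

def tgs_open(tgs_key, tgt):
    # TGS side: only the TGS key opens the TGT.
    ticket = json.loads(unseal(tgs_key, tgt))
    return ticket["client"], bytes.fromhex(ticket["session_key"])

def demo():
    alice_key, tgs_key = os.urandom(32), os.urandom(32)  # constructed long-term keys
    for_alice, tgt = as_reply("alice", alice_key, tgs_key)
    alice_sk = unseal(alice_key, for_alice)       # Alice recovers the session key
    try:
        unseal(alice_key, tgt)                    # Alice tries to read her own TGT
        alice_reads_tgt = True
    except ValueError:
        alice_reads_tgt = False
    client, tgs_sk = tgs_open(tgs_key, tgt)       # TGS later receives the TGT back
    return alice_sk == tgs_sk, alice_reads_tgt, client

if __name__ == "__main__":
    print(demo())
```

Alice and the TGS end up holding the same session key even though Alice can only store and forward the TGT, never read it.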