In most cases, it makes more sense to use a pre-existing library.
Now that the website can request a token from CardSpace, the token is then posted to a token-processing page. There are four main parts to processing the token:
Token decryption. In many cases, the token will be encrypted for the website, so it must be decrypted.
Token integrity check. The signature on the token must be validated to ensure that the token has not been tampered with and that it comes from a trusted party.
Token validation. Check that the token is valid, that it has not expired, and that it was not meant for a different site.
Retrieval of claim values. Parse the claim values out of the token and use them to authenticate the user or make an access decision.
Token Decryption
In most cases, the token returned by CardSpace will be encrypted in an EncryptedData element. This would typically be encrypted to the public key of the website's certificate. The encrypted token would look similar to the XML element shown in Figure 4-2.
Several steps are required to process a token
Using CardSpace in the Browser 239
For the website to get to the token content, it must first perform the decryption.
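The four processing steps above, carried out in order on a constructed SAML-style assertion, as an added example (not code from the book or from CardSpace itself). It assumes step 1, decryption of the EncryptedData element, has already been done by the site's XML Encryption library, so the function receives plaintext; and it uses an HMAC-SHA256 over the serialized Assertion as a stand-in for the identity provider's XML-DSig signature so that it runs offline. The element names, the audience URL and the key are constructed for the example. The point it shows is the ordering: the signature is checked before any content of the token is used, then the validity window and audience are tested against the site's own values, and only then are the claims read out.

```python
"""Token processing in the order the text gives: integrity, validity, claims.
Added example; assumes decryption was done by an XML Encryption library and
uses HMAC as a stand-in for the issuer's XML-DSig signature."""
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Constructed values. A real site takes the verification key from the identity
# provider's certificate and the audience from its own URL.
SITE_AUDIENCE = "https://relying-party.example/"
SIGNING_KEY = b"example-shared-key-not-for-production"
CLOCK_SKEW = timedelta(minutes=5)   # tolerance for issuer/site clock drift


class TokenError(Exception):
    """Raised when any check fails; the caller must not trust the token."""


def _canonical(assertion):
    # Bytes the signature covers. XML-DSig uses C14N; ElementTree's serializer
    # is a stand-in that is deterministic for the elements built below.
    return ET.tostring(assertion, encoding="utf-8")


def sign_assertion(assertion, key=SIGNING_KEY):
    return hmac.new(key, _canonical(assertion), hashlib.sha256).hexdigest()


def make_token(claims, audience, not_before, not_on_or_after, key=SIGNING_KEY):
    """Build a constructed token: <Token><Assertion/><SignatureValue/></Token>."""
    assertion = ET.Element("Assertion")
    cond = ET.SubElement(assertion, "Conditions",
                         NotBefore=not_before.isoformat(),
                         NotOnOrAfter=not_on_or_after.isoformat())
    ET.SubElement(ET.SubElement(cond, "AudienceRestriction"), "Audience").text = audience
    for name, value in claims.items():
        attr = ET.SubElement(assertion, "Attribute", Name=name)
        ET.SubElement(attr, "AttributeValue").text = value
    token = ET.Element("Token")
    token.append(assertion)
    ET.SubElement(token, "SignatureValue").text = sign_assertion(assertion, key)
    return ET.tostring(token, encoding="unicode")


def process_token(token_xml, audience=SITE_AUDIENCE, key=SIGNING_KEY, now=None):
    """Steps 2-4 on an already-decrypted token; returns the claims or raises."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(token_xml)
    assertion = root.find("Assertion")
    sig = root.findtext("SignatureValue")
    if assertion is None or sig is None:
        raise TokenError("malformed token")
    # Step 2: integrity check first, with a constant-time comparison, so that
    # nothing from an unverified token influences the later checks.
    if not hmac.compare_digest(sign_assertion(assertion, key), sig):
        raise TokenError("signature check failed")
    # Step 3: validity window and audience restriction.
    cond = assertion.find("Conditions")
    if cond is None:
        raise TokenError("no Conditions element")
    not_before = datetime.fromisoformat(cond.get("NotBefore"))
    not_on_or_after = datetime.fromisoformat(cond.get("NotOnOrAfter"))
    if now < not_before - CLOCK_SKEW:
        raise TokenError("token not yet valid")
    if now >= not_on_or_after + CLOCK_SKEW:
        raise TokenError("token expired")
    if audience not in [a.text for a in cond.iter("Audience")]:
        raise TokenError("token issued for a different site")
    # Step 4: retrieve the claim values.
    return {a.get("Name"): a.findtext("AttributeValue") for a in assertion.iter("Attribute")}


def demo():
    """Run the checks over constructed tokens; returns the outcome of each case."""
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    good = make_token({"emailaddress": "alice@example.org"}, SITE_AUDIENCE,
                      now - timedelta(minutes=1), now + timedelta(minutes=10))
    results = {"claims": process_token(good, now=now)}
    cases = {
        "tampered": good.replace("alice@", "mallory@"),
        "expired": make_token({}, SITE_AUDIENCE,
                              now - timedelta(hours=2), now - timedelta(hours=1)),
        "wrong_audience": make_token({}, "https://other-site.example/",
                                     now - timedelta(minutes=1), now + timedelta(minutes=10)),
    }
    for name, tok in cases.items():
        try:
            process_token(tok, now=now)
            results[name] = "accepted"
        except TokenError as exc:
            results[name] = str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```

The tampered case changes one claim value after signing, which is exactly what the integrity check exists to catch; the expired and wrong-audience tokens carry valid signatures and are rejected only by step 3, which is why that step cannot be skipped even when the issuer is trusted.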