To do this, it needs the private key of the HTTPS
certificate, as illustrated in Figure 4-3.
Figure 4-2 An EncryptedData element
[Diagram labels: Encrypted Token + Private Key For HTTPS Certificate; Decrypted Token]
Figure 4-3 The website must decrypt the token to get the content
240 CardSpace Implementation
Although it is easy to state that the key must be used, actually
getting access to the key is a bit more complicated. In standard
deployments, the HTTPS certificate is isolated from the code
that runs on a server's Web page. Even though the code is executed
on the server, if a flaw were found in the code, a remote
user could exploit it to access the certificate's private key. It is
safer to set up security such that the process running the site
cannot access the private certificate keys. One common solution
is to grant minimal access to the key so that it can be used
by calling a decryption API. Another solution is to use a token-decryption
process running on the Web server. (You can find an
example at www.leastprivilege.com.) This can separate the decryption
of the token and access to the site's certificate from the
code running in the Web page.
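The separation described above, sketched as an added example that is not taken from the book or from www.leastprivilege.com: a token-decryption process holds the key and the page code holds only a local socket to it. It assumes Python on a POSIX host rather than the Windows stack the chapter targets; `broker_loop`, `DecryptionClient` and `encrypt_for_site` are hypothetical names, and textbook RSA over a constructed key stands in for the certificate's real key pair.

```python
import os
import socket

BLOCK = 32  # fixed message size on the local socket, in bytes

def broker_loop(sock):
    """Token-decryption process: the only place the private exponent exists."""
    # Constructed demo key (two Mersenne primes). Textbook RSA is NOT secure;
    # a real broker would load the certificate key from a store that only its
    # own account can read.
    p, q, e = 2**61 - 1, 2**89 - 1, 65537
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    sock.sendall(n.to_bytes(BLOCK, "big"))          # publish the public modulus
    while len(req := sock.recv(BLOCK, socket.MSG_WAITALL)) == BLOCK:
        c = int.from_bytes(req, "big")
        if c >= n:                                  # malformed ciphertext: refuse
            sock.sendall(b"\x01" + bytes(BLOCK - 1))
        else:                                       # reply with plaintext only
            sock.sendall(b"\x00" + pow(c, d, n).to_bytes(BLOCK - 1, "big"))

class DecryptionClient:
    """What the Web page code holds: a socket to the broker, never the key."""
    def __init__(self):
        ours, theirs = socket.socketpair()
        self.pid = os.fork()
        if self.pid == 0:                           # child becomes the broker
            ours.close()
            try:
                broker_loop(theirs)
            finally:
                os._exit(0)
        theirs.close()
        self.sock = ours
        self.n = int.from_bytes(ours.recv(BLOCK, socket.MSG_WAITALL), "big")

    def decrypt(self, ciphertext: int) -> bytes:
        self.sock.sendall(ciphertext.to_bytes(BLOCK, "big"))
        reply = self.sock.recv(BLOCK, socket.MSG_WAITALL)
        if len(reply) != BLOCK or reply[0] != 0:
            raise ValueError("broker refused the ciphertext")
        return reply[1:].lstrip(b"\x00")            # drop the integer's zero padding

    def close(self):
        self.sock.close()                           # EOF ends the broker loop
        os.waitpid(self.pid, 0)

def encrypt_for_site(token: bytes, n: int, e: int = 65537) -> int:
    """Sender side (constructed): encrypt a short token to the site's public key."""
    return pow(int.from_bytes(token, "big"), e, n)
```

A flaw in the page code can still ask the broker to decrypt tokens, but it cannot read or copy the key itself.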