+xns/Authentication
Message: CertifySession

+xns/Core/XNSObject
   |
   +--+xns/Core/Message
         |
         +--+xns/Authentication/CertifySession


Produces an authentication certificate for use by another identity. This certificate may be used to provide single sign-on (or remote sign-on) for identities representing the same principal as the to-identity. It may also be used to authenticate to a non-personal identity.

To: The identity an application is logged into.
From: An application logged into an identity.


 

Input
DataType | Name | Description
Boolean | Compress | Should the authentication certificate be compressed before encrypting?
+xns/Core/IdentityAddress | EncryptFor | Address of the identity whose public key will be used to encrypt the authentication certificate.
+xns/Core/IdentityAddress | SignBy | Address of the identity requested to sign the certificate.
 

Output
DataType | Name | Description
String | AuthCert | Encrypted authentication certificate, Base64 encoded.
 

Input Detail

Compress

Should the authentication certificate be compressed before encrypting? True=compress the authentication certificate after signing, but before encrypting; False=do not compress the authentication certificate.  

DataType: Boolean
 


EncryptFor

Address of the identity whose public key will be used to encrypt the authentication certificate. The authentication certificate created is usually used to authenticate to another identity. The host of the other identity is usually the identity doing the decryption, so it is common to encrypt the authentication certificate using the public key of the other identity's host. The authentication certificate can instead be encrypted for the other identity itself, but this is less common because it requires more public keys to be known.

DataType: +xns/Core/IdentityAddress
 


SignBy

Address of the identity requested to sign the certificate. This can be either the to-identity or the host of the to-identity. If the identity resides in an ID service provider with many other identities, it is more efficient for the host to sign the certificate because the receiver of the certificate is more likely to have the public key of the host than the public key of the to-identity in its cache.  

DataType: +xns/Core/IdentityAddress
 


 

Output Detail

AuthCert

Encrypted authentication certificate, Base64 encoded. The certificate has been signed, possibly compressed, then encrypted using the public key of the EncryptFor identity. If the SignBy identity supports the certification service, it may be used to verify the certificate. It may also be used to register for notification of session logout.  

DataType: String
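
The AuthCert layering described above (sign, optionally compress, encrypt for the EncryptFor identity, Base64) and the receiver's reverse path, as an added example that is not XNS code. The page does not specify algorithms or a wire format, so RSA-SHA256, zlib, RSA-OAEP with AES-256-GCM, the byte framing, the JSON claims and all function names are assumptions.

```javascript
// Added example, not XNS code. Assumed: RSA-SHA256 signature, zlib deflate,
// RSA-OAEP + AES-256-GCM hybrid encryption, and the byte framing used here.
const crypto = require('crypto');
const zlib = require('zlib');

const newKeys = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Issuer side: sign, optionally compress, encrypt for EncryptFor, Base64.
function certifySession(claims, { compress, signByPriv, encryptForPub }) {
  const body = Buffer.from(JSON.stringify(claims));
  const sig = crypto.sign('sha256', body, signByPriv);   // 256 bytes for RSA-2048
  let signed = Buffer.concat([sig, body]);
  if (compress) signed = zlib.deflateSync(signed);       // after signing, before encrypting
  // The compress flag travels inside the ciphertext so GCM authenticates it.
  const plain = Buffer.concat([Buffer.from([compress ? 1 : 0]), signed]);
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const gcm = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([gcm.update(plain), gcm.final()]);
  const wrapped = crypto.publicEncrypt({ key: encryptForPub, oaepHash: 'sha256' }, key);
  return Buffer.concat([wrapped, iv, gcm.getAuthTag(), ct]).toString('base64');
}

// Receiver side (holder of the EncryptFor private key). Throws on any failure.
function openAuthCert(authCert, { encryptForPriv, signByPub }) {
  const raw = Buffer.from(authCert, 'base64');
  const wrapped = raw.subarray(0, 256);
  const iv = raw.subarray(256, 268);
  const tag = raw.subarray(268, 284);
  const key = crypto.privateDecrypt({ key: encryptForPriv, oaepHash: 'sha256' }, wrapped);
  const gcm = crypto.createDecipheriv('aes-256-gcm', key, iv).setAuthTag(tag);
  const plain = Buffer.concat([gcm.update(raw.subarray(284)), gcm.final()]);
  let signed = plain.subarray(1);
  // Anyone can encrypt to a public key, so this input is still untrusted:
  // cap the inflated size because decompression runs before signature checking.
  if (plain[0] === 1) signed = zlib.inflateSync(signed, { maxOutputLength: 65536 });
  const body = signed.subarray(256);
  if (!crypto.verify('sha256', body, signByPub, signed.subarray(0, 256))) {
    throw new Error('SignBy signature check failed');
  }
  return JSON.parse(body.toString());
}
```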
 


Publishing Identity: +xns
© 2002 XNSORG
Last Updated: 07/09/2002