+xns/Core/XNSObject
 |
 +--+xns/Core/Message
  |
  +--+xns/Authentication/CertifySession
Produces an authentication certificate for use by another identity. This certificate may be used to provide single sign-on (or remote sign-on) for identities representing the same principal as the to-identity. It may also be used to authenticate to a non-personal identity.
To: The identity an application is logged into.
From: An application logged into an identity.
Output | String | AuthCert | Encrypted authentication certificate, Base64 encoded.
Compress
Should the authentication certificate be compressed before encrypting? True=compress the authentication certificate after signing, but before encrypting; False=do not compress the authentication certificate.
DataType: Boolean
EncryptFor
Address of the identity whose public key will be used to encrypt the authentication certificate. The authentication certificate created is usually used to authenticate to another identity. The host of the other identity is usually the identity doing the decryption, so it is common to encrypt the authentication certificate using the public key of the other identity's host. The authentication certificate can instead be encrypted for the other identity itself, but this is less common because it requires more public keys to be known.
DataType: +xns/Core/IdentityAddress
SignBy
Address of the identity requested to sign the certificate. This can be either the to-identity or the host of the to-identity. If the identity resides in an ID service provider with many other identities, it is more efficient for the host to sign the certificate because the receiver of the certificate is more likely to have the public key of the host than the public key of the to-identity in its cache.
DataType: +xns/Core/IdentityAddress
AuthCert
Encrypted authentication certificate, Base64 encoded. The certificate has been signed, possibly compressed, then encrypted using the public key of the EncryptFor identity. If the SignBy identity supports the certification service, it may be used to verify the certificate. It may also be used to register for notification of session logout.
DataType: String
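The layering described for AuthCert (sign, optionally compress, then encrypt) means a receiver has to decompress before it can check the signature. The Python below is an added example, not XNS code: it covers only the layers beneath the encryption, and the HMAC stand-in for the SignBy signature, the one-byte compression flag, the 64 KiB ceiling and the function names are all assumptions.

```python
import hashlib
import hmac
import zlib

MAX_CERT_BYTES = 64 * 1024  # assumed ceiling for a decompressed certificate
TAG_LEN = 32                # HMAC-SHA256 tag, a stand-in for the SignBy signature

def seal_inner(body: bytes, sign_key: bytes, compress: bool) -> bytes:
    """Sign, then optionally compress; the result is what gets encrypted."""
    signed = body + hmac.new(sign_key, body, hashlib.sha256).digest()
    # One-byte compression flag: constructed framing, not the XNS wire format.
    return b"\x01" + zlib.compress(signed) if compress else b"\x00" + signed

def open_inner(plain: bytes, sign_key: bytes) -> bytes:
    """Undo the layers on decrypted bytes: bounded decompress, then verify."""
    flag, inner = plain[:1], plain[1:]
    if flag == b"\x01":
        # Decompression runs before the signature check, so cap its output.
        d = zlib.decompressobj()
        try:
            signed = d.decompress(inner, MAX_CERT_BYTES + 1)
        except zlib.error as exc:
            raise ValueError("malformed compressed layer") from exc
        if len(signed) > MAX_CERT_BYTES or not d.eof or d.unused_data:
            raise ValueError("compressed layer oversized, truncated or padded")
    elif flag == b"\x00":
        signed = inner
    else:
        raise ValueError("unknown framing flag")
    if len(signed) < TAG_LEN:
        raise ValueError("too short to carry a signature")
    body, tag = signed[:-TAG_LEN], signed[-TAG_LEN:]
    expected = hmac.new(sign_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("signature check failed")
    return body

if __name__ == "__main__":
    key = b"constructed-demo-key"                 # constructed sample key
    cert = b"constructed session certificate"     # constructed sample body
    for compress in (True, False):
        assert open_inner(seal_inner(cert, key, compress), key) == cert
    print("round trip ok")
```

Because anyone who knows the EncryptFor public key can produce a valid ciphertext, the size cap and the signature check are what protect the receiver, not the encryption layer.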
Publishing Identity: +xns © 2002 XNSORG | Last Updated: 07/09/2002