-
Notifications
You must be signed in to change notification settings - Fork 78
Authorization Messages
wmiaw edited this page Oct 3, 2014
·
1 revision
When a user wishes to perform a sequence of operations, one or more messages involved in the transaction is likely to grant authorization or move the process forward. The state of that sequence must be carried forward and the operations themselves must be protected against out-of-order execution. Service tokens are an excellent method by which to accomplish this.
This communication occurs between a trusted services network client and server.
Security Property | API Return Value | Reason |
---|---|---|
Encryption Required | true | The request contains confidential and sensitive data. |
Integrity Protection Required | true | Data modification may result in incorrect or invalid data being used for the operation. |
Non-Replayable Required | true | A replayed request would create inconsistent or incorrect state data. |
Service Tokens Expected | true | The response will include a service token. |
User Associated | stringUserAuthenticationData |
The request is made on behalf of the specific user. User authentication data must be provided if a user ID token does not already exist. |
Security Property | API Return Value | Reason |
---|---|---|
Encryption Required | true | The response may contain confidential or sensitive data used for the next operation of the sequence or to confirm the operation succeeded. |
Integrity Protection Required | true | Data modification may result in incorrect data or an incorrect confirmation. |
Non-Replayable Required | false | Responses are always non-replayable. |
Service Tokens Expected | false | Trusted services servers do not expect clients to issue service tokens. |
User Associated | null null |
The trusted services response is not associated with a user. |
A Netflix Original Production
Tech Blog | Twitter @NetflixOSS | Jobs
- Introduction
- Encoding & Normalization
- Cryptography
- Versioning
- MSL Networks
- Entity Authentication
- User Authentication
- Key Exchange
- Service Tokens
- Messages
- Error Messages
- Application Security Requirements
- Protocol Implementation
- Configuration Guide