-
Notifications
You must be signed in to change notification settings - Fork 78
Token Issuance & Protection
The master token and user ID token renewal window and expiration values should be chosen to meet the application’s desired security. The renewal window should be set to the time after which re-authentication is desired but not necessary. The expiration should be set to the time after which re-authentication is necessary for business reasons and in the case of master tokens to restrict the duration of session keys.
Master tokens and user ID tokens must be encrypted and signed. It is highly recommended that service tokens be encrypted and signed.
The recommended minimum strength encryption algorithms and modes are AES-128-CBC, AES-128-CTR, or AES-128-GCM. Random values should be used for any initialization data.
The recommended minimum strength signature algorithms are HMAC-SHA256 or RSA-2048.
A Netflix Original Production
Tech Blog | Twitter @NetflixOSS | Jobs
- Introduction
- Encoding & Normalization
- Cryptography
- Versioning
- MSL Networks
- Entity Authentication
- User Authentication
- Key Exchange
- Service Tokens
- Messages
- Error Messages
- Application Security Requirements
- Protocol Implementation
- Configuration Guide