Trusted Proxy Entity Authentication
The trusted proxy entity authentication scheme provides a means by which a trusted intermediary can communicate on behalf of a third entity. For all intents and purposes, the authenticated entity identity is the third entity's identity; however, authentication is performed against the proxy. Therefore, trust in the third entity's identity is only as strong as trust in the proxy. It is strongly recommended that the proxy authenticate the third entity.
The proxy may use any other entity authentication scheme; however, it is important to restrict the trusted proxy authentication scheme to specific, trusted proxy entity identities and to specific proxy entity authentication schemes in order to prevent abuse.
Encryption and authentication are provided if the proxy's entity authentication scheme provides encryption and authentication.
This scheme is identified by the string TRUSTED_PROXY.
authdata = {
  "#mandatory" : [ "identity", "signature", "proxyscheme", "proxyauthdata" ],
  "identity" : "binary",
  "signature" : "binary",
  "proxyscheme" : "string",
  "proxyauthdata" : object
}
| Field | Description |
|---|---|
| identity | encrypted third entity identity |
| signature | verification data of the encrypted third entity identity |
| proxyscheme | proxy entity authentication scheme |
| proxyauthdata | proxy entity authentication data |
The third entity identity is encrypted with the proxy’s entity encryption mechanism. The verification data is computed over the encrypted identity, using the proxy’s entity authentication mechanism.
The encryption mechanism is equal to the encryption provided by the proxy entity authentication scheme.
The authentication mechanism is equal to the authentication provided by the proxy entity authentication scheme.
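The following is an added example (not code from the MSL project) showing how the TRUSTED_PROXY authdata described above is assembled and verified: the third entity identity is encrypted, the signature is computed over the ciphertext, and the verifier checks the proxy identity and proxy scheme against an allow list before it verifies the signature and decrypts. The proxy's real encryption and authentication mechanisms are whatever its own entity authentication scheme provides; here they are stood in for by an HMAC-SHA256 counter-mode keystream and an HMAC-SHA256 tag, which is an assumption made so the example runs with only the standard library. The allow list entries, the keys, the identities, the base64 encoding of binary fields and the "identity" field inside the proxy's PSK authdata are constructed sample values.

```python
import base64
import hashlib
import hmac
import os

# Constructed sample keys standing in for the proxy's entity encryption and
# entity authentication keys (assumption: the proxy's scheme is symmetric-key based).
PROXY_ENC_KEY = hashlib.sha256(b"constructed-proxy-encryption-key").digest()
PROXY_AUTH_KEY = hashlib.sha256(b"constructed-proxy-authentication-key").digest()

# Policy from the page: only specific proxy identities using specific proxy
# entity authentication schemes may use TRUSTED_PROXY. Constructed values.
TRUSTED_PROXIES = {("edge-proxy-01", "PSK")}

MANDATORY = ("identity", "signature", "proxyscheme", "proxyauthdata")


def _keystream(key, nonce, length):
    # Stand-in for the proxy's encryption mechanism: HMAC-SHA256 run in
    # counter mode to produce a keystream (assumption, not MSL's mechanism).
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_identity(identity, enc_key, nonce=None):
    # Encrypt the third entity identity; a fresh 16-byte nonce is prepended.
    nonce = nonce if nonce is not None else os.urandom(16)
    data = identity.encode("utf-8")
    ks = _keystream(enc_key, nonce, len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, ks))


def decrypt_identity(ciphertext, enc_key):
    nonce, body = ciphertext[:16], ciphertext[16:]
    ks = _keystream(enc_key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks)).decode("utf-8")


def build_authdata(third_identity, proxy_scheme, proxy_authdata):
    # Proxy side: encrypt the third entity identity, then compute the
    # verification data over the *encrypted* identity, as the page specifies.
    ciphertext = encrypt_identity(third_identity, PROXY_ENC_KEY)
    signature = hmac.new(PROXY_AUTH_KEY, ciphertext, hashlib.sha256).digest()
    return {
        "identity": base64.b64encode(ciphertext).decode("ascii"),
        "signature": base64.b64encode(signature).decode("ascii"),
        "proxyscheme": proxy_scheme,
        "proxyauthdata": proxy_authdata,
    }


def verify_authdata(authdata):
    """Return the authenticated third entity identity, or raise ValueError."""
    for field in MANDATORY:
        if field not in authdata:
            raise ValueError("missing mandatory field: " + field)
    proxy_scheme = authdata["proxyscheme"]
    # Assumption: the proxy's own authdata carries its identity under "identity".
    proxy_identity = authdata["proxyauthdata"].get("identity")
    # Restrict TRUSTED_PROXY to the allow-listed (proxy identity, proxy scheme) pairs.
    if (proxy_identity, proxy_scheme) not in TRUSTED_PROXIES:
        raise ValueError("proxy %r with scheme %r may not use TRUSTED_PROXY"
                         % (proxy_identity, proxy_scheme))
    ciphertext = base64.b64decode(authdata["identity"])
    signature = base64.b64decode(authdata["signature"])
    # Verify the signature over the ciphertext before decrypting anything.
    expected = hmac.new(PROXY_AUTH_KEY, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise ValueError("verification of the encrypted identity failed")
    return decrypt_identity(ciphertext, PROXY_ENC_KEY)


def authenticate(authdata):
    """Convenience wrapper: the third entity identity on success, None on failure."""
    try:
        return verify_authdata(authdata)
    except ValueError as exc:
        print("TRUSTED_PROXY rejected:", exc)
        return None


if __name__ == "__main__":
    ad = build_authdata("device-42", "PSK", {"identity": "edge-proxy-01"})
    print(authenticate(ad))
```

Because the allow-list check runs before the signature check, an authdata from a proxy identity or proxy scheme that is not on the list is rejected without any cryptographic work, and a signature that does not match the ciphertext is rejected before the identity is ever decrypted.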