Then, a new temporary token will be generated and signed by the issuer
(the delegator). A token used in delegation is only used for one delegation. Hence, before the
token generation process, the system has to firstly check for the inexistence of a token issued
for the same delegated right and effective domain. If the token does exist, it can be retrieved
and sent back to the user. Therefore, the cost of token generation can be reduced.
Funct on addDelegat on
(delegator- d, delegatee- d, delegated-r ght, effect ve-doma n)
f delegator- d s not val d
ex t
f !(delegatee- d, delegated-r ght, effect ve-doma n) n records
new a token w th (delegator- d, delegatee- d)
A Secur ty Solut on for Web-Serv ces Based Gr d Appl cat on
Copyright ?© 2007, Idea Group Inc. Copying or distributing in print or electronic forms without written permission
of Idea Group Inc. is prohibited.
add (token, delegated-r ght, effect ve-doma n) nto records
refresh records
else
retr eve the current token
return token
The lifetime of a token is often a concern. If the lifetime is too short, the temporary token has
to be renewed or generated frequently. On the other hand, if the token lifetime is too long,
the privacy and security of the user might be affected and the token cannot be differentiated
from normal official tokens.
Pages:
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443