THE ENCRYPTED TOKEN

If you have a single web server that serves HTML pages, as most bloggers do, the easiest way to take advantage of InfoCard identities is to have the Identity Selector post tokens directly to your web server. Normally you would receive the contents of a form in the post; with InfoCards you receive a “token” instead. Various types of token are possible, but SAML tokens are the most common, and the built-in self-asserted identity provider uses the SAML format.

<enc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
               xmlns:enc="http://www.w3.org/2001/04/xmlenc#">
  <enc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" /> 
  <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
          <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
              <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> 
          </e:EncryptionMethod>
          <KeyInfo>
              <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                  <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"
                                   EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
                      +PYbznDaB/dlhjIfqCQ458E72wA=
                  </o:KeyIdentifier> 
              </o:SecurityTokenReference>
          </KeyInfo>
          <e:CipherData>
              <e:CipherValue>
                   1dYJm11Qw2UDKuS7OsjY23k+vX4l5nHkKUC71ev7
                   jtDUC0dFn1mcWunmGV272bpXGHeyWIviv2Salkxj
                   XErXBwO3hq9/dNyDfY7VvLRi5rOvn1Szgb71d0Xg
                   rKCvnUljhy9bSssSxtYgr4YOTkUV894z0yXS9omK
                   S0XNtm/dzr4=
              </e:CipherValue> 
          </e:CipherData>
      </e:EncryptedKey>
  </KeyInfo>
  <enc:CipherData>
      <enc:CipherValue>
          77Ybo3C32JckPMD+lxm9t7KKxfQjMT8ojczrDs0i
          HsxJ3Q6i3B04RAGrOivLfqMYzYP4lZXsM2lF8cUs
          aVOTY9KqsJjpOBwyk37n9tw7pV6E3SXkHtXx92xl
          5AqmjPeBdDI/syrIjgE1bpbn5sX5PpNoOmAbYSV2
          dQRBnImKJBAfKQFFmMk0mcUb/Bv11w9aCAgimPy7
          UfwqQPhkPp0DbCoINFZsmbgppelTHTh6Bnpe/it9
          OPDqBeUaILVBA7vMVvgDA0vmklb9g3mEzo1va5GG
          4GP/u0xuCG7x9glozdDVtsBsohJiGj0UnFS2QI0o
          ZbfbMS9rtWCiHRbp0TIhcykn70PUooVJrU/HcKDh
          baKnoC3dd0Y73gqTogwvruYZ3Fg9mqhlYMSoLmsR
          sz+W8a935WQM1OAcNz6VEjxaKn7QDRZn/OfQhW1r
          XsWh+oazVKHdxpa9vvj6UeV3w8DaJsmZDO5SRTep
          LjZzfMENc52XG8CJfDrVHEuPmals92NoTN+BwIc6
          R4WpHPxr+P7GPfpb24apOfgBmfN/snq+Jy37PLjV
          4yivz9NmP6EKEpDI7u7b+evytYRmQrh04T/aL6gi
          NHzgfHo7PxiNU6hvCKNQ0vtKgMp1R6QjkMV93FvS
          1I6eknbHLjbUJaJuuGI3eH83RN/Gx7bsuDvfTvDL
          WiTTsG2zD5UPWeEjx+ROCkhLpb8Ojm8h6fI3s+Qv
          qUuzAbzH8cHiyfWGAt8HPe1BwKWcU25XbVfQTOnG
          jP2+NXt2AUtDYimUjydSlyMzk0Bi3GPr19aav2UV
          N1gr2ldVotma4lpNonhLjk+liHTrrO7P51/vkc4k
          P7koLTLBmmNooOQrJ1w70MelRjZnFbCdoadyzH8j
          z/vR/zzvO62z4ycFyn/S9OxqFqrufKpyijnopVS3
          bf4JGazumScIutKfUUpWOtRELXnCpv4S9JB4FIkr
          Kqqgi/3rh06QMByWK6DU7cf94dI3jIzx336A1a/r
          .                                       
          .                                       
          .                                       
          Wvl2o5ABIqvToMV1bp16Ns1ImSgxuB074kmAvAUx
          b/LXPXq1Gwcz2YtyaHMYSUvzzzYRuDH9qu0R6748
          B/C1if4MeXHUqMPYaEQ+dhuzoVUMuy7/kQVP5ckb
          B0asMSqIiJp5B4vecBe/aGQo9AYNEwPv4xAB5cvr
          PBEG4TCFtSVyJkn2LcdwNzqmNqIewGMxawwUPgxe
          D2w==
      </enc:CipherValue> 
  </enc:CipherData>
</enc:EncryptedData>
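As an added example (not code from this post or from the Identity Selector), here is how a relying party's web server might sanity-check a token like the one above before spending a private-key operation on it: the algorithm URIs, the thumbprint reference and the two base64 CipherValues are those of the envelope shown; the certificate bytes and cipher values in the sample are constructed stand-ins, and no decryption is performed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

ENC = "http://www.w3.org/2001/04/xmlenc#"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
THUMB = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"
NS = {"enc": ENC, "ds": DSIG, "o": WSSE}

def cert_thumbprint_b64(cert_der):
    """WS-Security ThumbprintSHA1: base64 of the SHA-1 over the DER certificate."""
    return base64.b64encode(hashlib.sha1(cert_der).digest()).decode()

def parse_encrypted_token(xml_text, our_cert_der):
    """Check a posted token's envelope; return (wrapped_key, ciphertext) or raise ValueError."""
    root = ET.fromstring(xml_text)
    if root.find("enc:EncryptionMethod", NS).get("Algorithm") != ENC + "aes256-cbc":
        raise ValueError("unexpected data-encryption algorithm")
    ek = root.find("ds:KeyInfo/enc:EncryptedKey", NS)
    km = ek.find("enc:EncryptionMethod", NS)
    if (km.get("Algorithm") != ENC + "rsa-oaep-mgf1p"
            or km.find("ds:DigestMethod", NS).get("Algorithm") != DSIG + "sha1"):
        raise ValueError("unexpected key-transport algorithm")
    kid = ek.find("ds:KeyInfo/o:SecurityTokenReference/o:KeyIdentifier", NS)
    if kid is None or kid.get("ValueType") != THUMB:
        raise ValueError("key is not referenced by a certificate thumbprint")
    if kid.text.strip() != cert_thumbprint_b64(our_cert_der):
        raise ValueError("token was encrypted for a different certificate")
    # b64decode drops the line breaks the Identity Selector inserts into CipherValue
    wrapped_key = base64.b64decode(ek.find("enc:CipherData/enc:CipherValue", NS).text)
    ciphertext = base64.b64decode(root.find("enc:CipherData/enc:CipherValue", NS).text)
    if len(ciphertext) < 32 or len(ciphertext) % 16:  # xmlenc CBC: 16-byte IV + whole blocks
        raise ValueError("ciphertext is not an IV plus whole AES blocks")
    return wrapped_key, ciphertext

# Constructed sample: the envelope shown above with made-up, non-decryptable values.
SAMPLE_CERT_DER = b"stand-in for the relying party's DER-encoded certificate"
SAMPLE_WRAPPED_KEY = bytes(range(128))   # sized like a 1024-bit RSA-OAEP output
SAMPLE_CIPHERTEXT = bytes(48)            # IV plus two AES blocks
def build_sample_token(thumbprint_b64, ciphertext=SAMPLE_CIPHERTEXT):
    return f"""<enc:EncryptedData Type="{ENC}Element" xmlns:enc="{ENC}">
  <enc:EncryptionMethod Algorithm="{ENC}aes256-cbc"/>
  <KeyInfo xmlns="{DSIG}"><e:EncryptedKey xmlns:e="{ENC}">
    <e:EncryptionMethod Algorithm="{ENC}rsa-oaep-mgf1p"><DigestMethod Algorithm="{DSIG}sha1"/></e:EncryptionMethod>
    <KeyInfo><o:SecurityTokenReference xmlns:o="{WSSE}"><o:KeyIdentifier ValueType="{THUMB}">{thumbprint_b64}</o:KeyIdentifier></o:SecurityTokenReference></KeyInfo>
    <e:CipherData><e:CipherValue>{base64.b64encode(SAMPLE_WRAPPED_KEY).decode()}</e:CipherValue></e:CipherData>
  </e:EncryptedKey></KeyInfo>
  <enc:CipherData><enc:CipherValue>{base64.b64encode(ciphertext).decode()}</enc:CipherValue></enc:CipherData>
</enc:EncryptedData>"""
```

Actually decrypting the returned pair (RSA-OAEP with SHA-1 to unwrap the AES-256 key, then AES-CBC with the leading 16 bytes as the IV) needs a crypto library such as `cryptography`, which is why it is left out of this stdlib-only check.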

Published by

Kim Cameron

Work on identity.