Here is their web page (at least the part I can release):

Each cookie contains the following fields:

Issue Time | Expire Time | Issuer | Userid | IP Address | ACIGROUP | Location | Other Data | Signature

Issue Time
  The time when the cookie was issued.
Expire Time
  The time when the cookie will no longer be valid.
Issuer
  The name of the issuer of the cookie.
Userid
  The userid represented by the cookie.
IP Address
  The IP address for which the cookie is valid.
ACIGROUP
  The security group from PROFS for the user. This is useful to determine if the user is a dealer or supplier.
Location
  The location code for suppliers. This is not useful inside the Company.
Other Data
  Other fields may be defined in the future.
Signature
  The RSA encrypted MD5 digest of the rest of the cookie.

Security of the System


The security of the system resides in the use of public key cryptography to digitally sign the cookie. The issuer of the cookie computes a special checksum of the cookie (using the RSA Data Security, Inc. MD5 Message-Digest Algorithm) and then encrypts this checksum with the issuer's private key. The issuer is the only holder of the private key.

The receiver looks up the issuer's public key, and decrypts the checksum. The receiver compares this checksum with one that it computes, and compares the two. If they are equal, then:

Web Single Logon's private keys are kept on a secured server. The public key is distributed with the Web Single Logon kit. A trust relationship is established with the issuer. When the cookie is validated, and has not expired, then the identity encoded in the cookie is trusted. This establishes the logon.


Password Validation


Centralizing the logon process allows great flexibility in maintaining a central Web password database. The Web Single Logon Password Server currently uses the PROFS systems, or X.500 for non-PROFS users, to validate logons. This gives Web Single Logon secured servers access to a base of over 95,000 users.



What does this little button do . .<Click>; "USER HAS SIGNED OFF FOR THE DAY"

In reply to Re: Re: Base64 Encoded cookie is giving me headaches! by tame1
in thread Base64 Encoded cookie is giving me headaches! by tame1
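
An added example, not part of the original post or the quoted page: the receiver-side checks the page describes (verify the RSA-encrypted MD5 digest, then expiry and IP address), sketched in Python. The `|`-delimited Base64 layout, the function names and the small demo key are assumptions made here; unpadded RSA over MD5 appears only because it is the scheme the page describes.

```python
import base64
import hashlib

# Constructed demo key (assumption): two known Mersenne primes, far too small for real use.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537                      # public key, shipped to every receiver
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, held only by the issuer

# Field order follows the page's list; the "|" delimiter is an assumption.
FIELDS = ["issue", "expire", "issuer", "userid", "ip", "acigroup", "location", "other"]

def md5_int(body: bytes) -> int:
    return int.from_bytes(hashlib.md5(body).digest(), "big")

def issue_cookie(fields: dict) -> str:
    body = "|".join(str(fields[k]) for k in FIELDS).encode()
    sig = pow(md5_int(body), D, N)       # "encrypt" the digest with the private key
    return base64.b64encode(body + b"|" + format(sig, "x").encode()).decode()

def validate_cookie(cookie: str, client_ip: str, now: int) -> dict:
    """Return the fields if the cookie is trusted, otherwise raise ValueError."""
    try:
        raw = base64.b64decode(cookie, validate=True)
        body, sig_hex = raw.rsplit(b"|", 1)
        sig = int(sig_hex, 16)
        values = body.decode().split("|")
    except (ValueError, UnicodeDecodeError) as exc:
        raise ValueError("malformed cookie") from exc
    if len(values) != len(FIELDS):
        raise ValueError("malformed cookie")
    # Signature first: nothing in the body is trusted until it verifies.
    if not 0 <= sig < N or pow(sig, E, N) != md5_int(body):
        raise ValueError("bad signature")
    f = dict(zip(FIELDS, values))
    if not int(f["issue"]) <= now < int(f["expire"]):
        raise ValueError("expired or not yet valid")
    if f["ip"] != client_ip:
        raise ValueError("wrong client address")
    return f
```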
