Windows Server 2003 Security Infrastructures

Passport, Microsoft's single identity and sign-on solution for the Web, has been a controversial technology since its initial release back in 1999. Most Passport-related discussions have concerned the product's security and privacy features. The primary goal of this chapter is to explore the security and privacy features of Passport. To do so, we will need to dive into the nuts and bolts of the Passport message exchanges. This chapter focuses particularly on how Microsoft has integrated Passport with its latest operating system platforms: Windows XP and Windows Server 2003.
Passport uses common Web technologies that are supported by all browsers. These technologies are the Hypertext Transport Protocol (HTTP), dynamic Web pages with embedded JavaScript code, cookies, and the Secure Sockets Layer (SSL) protocol. It is worth pointing out that so far (through Passport version 2.5) [1] Passport uses no (or very little) XML-based technology. In a future version of Passport the service will adopt a new SOAP- and XML-based authentication protocol derived from the WS-Security specification. [2]
Passport uses HTTP to retrieve Passport Web pages from Passport-enabled Web servers, to transport Passport-related user information, to create client-side cookies, to retrieve information from client-side cookies, and to redirect browsers from one Web site to another. Passport makes extensive use of HTTP redirect messages. HTTP redirect messages allow Web sites to communicate with one another without setting up a direct connection between the Web sites' Web servers: all communication goes via the user's browser.
JavaScript...