Token

A token is essentially a signed list of attributes. Signing is a key dependant method, creating a proof of authenticity and integrity for the list of attributes. In the realm of Token Based Networking, the key is shared secret between two or more parties. The key is used in some digital SigningMethod which is typically a combination of a hashing method (SHA1, MD5), creating a hash value of a message digest (in our case the list of attributes). The hash value is then encrypted with some encryption method (DES, 3DES, RSA etc.) using a (symmetric or assymmetric) key. Secure Message Authentication Code mechanisms such as HMAC can be used as well. The result, or part of the result is then used as token. The same method is used at the receiving end for verification of the validity of the token.