- All Implemented Interfaces:
Credentials used to authenticate an entity based on a verifiable token.
A token is shared between the entity and the authenticator and must be verifiable during the authentication process. A token might be generated by an authority trusted by both the entity and the application, each party being then able to obtain or authenticate the token to the trusted authority. Other approaches might also include symetric or asymetric cryptographic processing.
In order to provide proper security, implementations should choose properly secured tokens which are collision-free and hardly forgeable.
- Jeremy Kuhn