How Passport Works
In this section, we describe the Passport single signon and wallet protocols. In the Passport model, there are three entities: the client at a Web browser (usually a consumer who has previously registered with the Passport service), the merchant (a store or collection of stores wishing to market to the consumer), and the Passport login server. The login server maintains authentication and customer profile information for the client and gives the merchant access to this information when permitted by the customer. Passport divides client data into profile information (such as addresses, shoe size, and so on) and the wallet, which contains credit card information. Passport's protocols are designed to enable the secure transfer of this profile and wallet information between the Passport server and the merchants.
Single Signon Protocol
Passport's interaction with a user begins when a client, visiting a merchant site, needs to authenticate (to provide some personal information or make a purchase). The merchant Web server redirects the customer's browser to a well-known Passport server. The Passport server presents the user with a login page over an SSL connection. The user logs into the Passport server, and the Passport server redirects the user back to the end server. Authentication information is included in the redirect message in the query string. This information is encrypted using triple DES with a key previously established between Passport and the merchant server. The end server then sets an encrypted cookie in the client's browser. This is illustrated in Figure 1.
Figure 1 The Passport architecture.
The idea is that when a user returns to the IBM site, for example, the encrypted cookie is returned as well. The site can decrypt the cookie and verify that the user is already authenticated. The Passport server also sets a cookie. Thus, if a user visits another site, say, dell.com, when the browser is redirected to the Passport server, the user is no longer presented with a login screen because the previous Passport cookie is used. If this cookie contains valid credentials, the client is redirected back to the merchant server without user intervention.
The wallet protocol is very similar in nature to the single signon protocol. Instead of just authenticating, however, the user can insert all sorts of personal and credit card information. Then, when the user is shopping on an end server site, the user can select which information to include for that merchant. The user never needs to enter the information again for participating end servers.