Principle of work
Bases
In a basis of a principle of work of system the concept about the time (sessional) password lays,
it is valid only during existence of session of the user. Within the limits of system data
it we shall name authorization ticket.
The system gives out every time to the user authorization ticket when the user will be authorized on
this or that site, and sends it and others parameters on page
requested authorization. The page which has received the information on the user, checks ticket
and carries out necessary actions.
One site can trust ticket, given out for other site, i.e. probably unilateral trust.
If other site will adjust trust for тикетов the first site the trust becomes bilaterial.
trust relationship between sites the uniform space between
various resources of a network allows to organize attitudes of trust.
The scenario of authentication
The holder of a site directs the user on page of authorization WebMoney Login.
(This page has url https://login.wmtransfer.com/ GateKeeper.aspx? RID = RID where RID is ID url the return, kept in adjustments WM Login for a
site to which will be transferred authorization ticket, WMID the user, a way authentication
and RID. )
The user chooses a method of authentication and passes it.
Further system redirect the user on url associated with RID.
There also are transferred authorization ticket, WMID the user, a way authentication and RID.
The addressee should check up a correctness of the transferred data that demands a server script on
page of return which will check up correctness of the transferred data. To check up correctness
authorization ticket it is necessary to cause a web-service
