How it works
Basic rules
Service is based on so called one-time (single-session) password concept, which is valid only for one user session. We call it authorization ticket.
The system issues one authorization ticket to the user every time when he wants to login to the site, sends it and other parameters tp the page that requested authorization. The page which has received the information about the user, checks the ticket and carries out necessary actions.
One site can trust ticket,issued for another site, that is "unilateral" trust is available. If another site adjusts trust for this one, trust becomes bilaterial. Trust relations between sites allow to build single environment between various network resources.
The Authentication Scenario
- Site Holder directs the user to WebMoney Login authorization page. (page url: https://login.wmtransfer.com/GateKeeper.aspx?RID=RID where RID is return url ID, stored at WM Login site settings where authorization ticket is transferred to, user WMID, authentication method and RID.)
- The user chooses authentication methodand and logs in.
- System redirects the user to the url associated with RID. It also transfer authorization ticket, user WMID, authentication method and RID.
- The addressee should check correctness of the transferred data that demands a server script on return page. To check authorization ticket it is necessary to request (call for) a web-service