
There are typically two distinct sets of keys needed in a Trust Router-based ecosystem, and Trust Router is used to negotiate both: a shared key between the RP and IdP that allows those two Moonshot entities to communicate, and a shared key between the IdP and APC that is used to facilitate the generation of the first key (it allows the IdP and APC to mutually authenticate). Thus, there are three possible scenarios for Trust Router (in order of increasing complexity): one where both keys are already established, one where only the latter (IdP-APC) key is already established, and one where neither key is yet established. Follow the links below to see the full protocol flow for each of these three cases.

Both keys already exist

One key already exists

No keys exist


1 Comment

  1. Hi, I have a generic comment for all these flows. According to what I understand of how the TR works, step 2b is not needed. Indeed, the Wireshark captures I have done seem to show no evidence of step 2b. IdP authenticates to TR is implicit (mutual authentication) in the TR authenticates to IdP. Could you confirm this please?