E-community domain keys

The key files required for encrypting and decrypting the tokens exchanged among the servers participating in the e-community are specified in the [e-community-domain-keys] stanza.

Specify the fully qualified domain name for each server and the name of its associated key file. The following example provides the MAS (domain A) with key files for communicating with two remote domains (dB and dC) and a key for communicating with the other servers in domain A:

[e-community-domain-keys]
dA.com = key.fileA-A
dB.com = key.fileA-B
dC.com = key.fileA-C

In this example, key.fileA-A identifies the key file used between all of the servers in domain A, key.fileA-B identifies the key file used between domain A and domain B, and key.fileA-C identifies the key file used between domain A and domain C.

Each remote server needs to have a copy of the appropriate key file used by the MAS. To exchange tokens with the MAS (domain A), all servers in domain B require copies of key.fileA-B:

[e-community-domain-keys]
dA.com = key.fileA-B

To exchange tokens with the MAS (domain A), all servers in domain C require copies of key.fileA-C:

[e-community-domain-keys]
dA.com = key.fileA-C

Any servers in domain A that use authentication services provided by the MAS must have a copy of key.fileA-A:

[e-community-domain-keys]
dA.com = key.fileA-A

By the same naming convention, key.fileB-B identifies the key file used between all of the servers in domain B, and key.fileC-C identifies the key file used between all of the servers in domain C.
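Because each remote domain's entry for the MAS must name the same key file that the MAS lists for that domain, a mismatch (for example, a key file copied to the wrong domain) breaks token exchange silently. The following is an added example, not part of this documentation or the product, that parses the [e-community-domain-keys] stanza with Python's standard configparser and checks a remote domain's stanza against the MAS stanza; the sample stanzas for dB.com and dC.com are constructed.

```python
import configparser
from typing import Dict, List

STANZA = "e-community-domain-keys"


def parse_domain_keys(config_text: str) -> Dict[str, str]:
    """Return the domain -> key-file mapping from the [e-community-domain-keys] stanza."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep domain names exactly as written (no lowercasing)
    parser.read_string(config_text)
    if not parser.has_section(STANZA):
        raise ValueError(f"missing [{STANZA}] stanza")
    return dict(parser.items(STANZA))


def check_remote_domain(mas_domain: str, mas_keys: Dict[str, str],
                        remote_domain: str, remote_keys: Dict[str, str]) -> List[str]:
    """Compare a remote domain's stanza with the MAS stanza; an empty list means consistent."""
    problems: List[str] = []
    mas_side = mas_keys.get(remote_domain)        # key file the MAS uses for this remote domain
    remote_side = remote_keys.get(mas_domain)     # key file the remote domain uses for the MAS
    if mas_side is None:
        problems.append(f"MAS stanza has no key file for {remote_domain}")
    if remote_side is None:
        problems.append(f"{remote_domain} stanza has no key file for MAS domain {mas_domain}")
    if mas_side and remote_side and mas_side != remote_side:
        problems.append(f"{remote_domain} uses {remote_side} for {mas_domain}, "
                        f"but the MAS uses {mas_side} for {remote_domain}")
    return problems


# Constructed sample stanzas: the MAS configuration from the page, a correctly
# configured remote domain (dB.com) and one that was given the wrong key file (dC.com).
MAS_CONFIG = """
[e-community-domain-keys]
dA.com = key.fileA-A
dB.com = key.fileA-B
dC.com = key.fileA-C
"""
DOMAIN_B_CONFIG = "[e-community-domain-keys]\ndA.com = key.fileA-B\n"
DOMAIN_C_CONFIG = "[e-community-domain-keys]\ndA.com = key.fileA-B\n"  # should be key.fileA-C


def audit_example() -> Dict[str, List[str]]:
    """Check both remote domains against the MAS stanza; dC.com should report a mismatch."""
    mas = parse_domain_keys(MAS_CONFIG)
    return {
        "dB.com": check_remote_domain("dA.com", mas, "dB.com", parse_domain_keys(DOMAIN_B_CONFIG)),
        "dC.com": check_remote_domain("dA.com", mas, "dC.com", parse_domain_keys(DOMAIN_C_CONFIG)),
    }
```

Run the check against each remote domain's stanza after distributing key files; any non-empty result points at the domain pair whose key files do not match.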

Parent topic: Encrypting the vouch-for token