DOF Security and the Authentication Server (AS)
As part of DOF security, an Authentication Server (AS) is used to authenticate the credentials of each component on a network. The AS centralizes security information, creating a shared trust environment—without exposing credentials—while allowing full access control. This means you have control over who (or which resources) has access and what levels of access they have. A single AS can also provide multiple security domains.
Domain Management Tools
To help with tasks related to domain management, several tools are available. The Domain Management Application allows you to generate credentials (Credentials Generator) and perform basic domain management tasks (Domain Management Tool). A related tool, the DOF Console, is also available to simplify tasks such as accessing the domain, importing interfaces, and checking connections.
The Ticket Request Protocol
The Ticket Request Protocol (TRP) is used to communicate between a node and an Authentication Server (AS). As with other protocols in the DOF Protocol Stack, TRP may be relayed from nodes that are not Authentication Servers to a node that is an Authentication Server—and do it transparently. This form of proxy is common in DOF systems. The end target of the communication is a domain, and the domain is identified in all TRP communication.*
Typically, you communicate with a domain to obtain keys that can be used to establish secure communication with another node (other than the AS). This is the case with almost all of the TRP commands.** However, all communication with the domain is authenticated, making it possible for the node sending the command to determine if a) the (authorized) domain responded to the command and b) if the command and response were modified in any way. The trust established depends on the credentials that were provided by the node sending the command and by verification of the responder’s knowledge of the shared secret that is associated with those credentials.
*TRP is not used directly between nodes that need to establish secure communication, but usually only by the server node. Nodes may communicate using TRP in some cases, but this usually part of a proxy relationship.
**Exceptions include the Request Security Scopes and Resolve Credential commands, which do not distribute keys used to secure further communication.