Abstract
Techniques for creating and using credentials for blinded intended audiences are provided. A principal desires access to a target service. An identity associated with the target service is hidden from an identity service via a random identifier. The identity service supplies an assertion with credentials and the random identifier. The principal sends the assertion and an access message, which also includes the random identifier, to the target service. The target service compares the identifier included with the message to the identifier in the assertion, and when a match occurs, access is permitted to the target service, assuming other credentials associated with the assertion are satisfied as well.
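The exchange described above, sketched as an added example that is not taken from the patent. Assumptions: the principal generates the random identifier, an HMAC with a demo key stands in for the identity service's signature, and all function and field names (`sub`, `aud`, `exp`, `random_id`) are hypothetical.

```python
import hashlib, hmac, json, secrets, time

# Assumption: HMAC with a demo key stands in for the identity service's
# signature; a deployment would use a signature the target can verify
# with the identity service's public key.
IDP_KEY = secrets.token_bytes(32)

def new_random_identifier() -> str:
    """Principal (assumed): opaque value that replaces the target's identity."""
    return secrets.token_hex(16)

def _sign(body: bytes) -> str:
    return hmac.new(IDP_KEY, body, hashlib.sha256).hexdigest()

def issue_assertion(subject: str, random_id: str, ttl: int = 300, now=None) -> dict:
    """Identity service: binds the credentials to the random identifier only."""
    now = time.time() if now is None else now
    claims = {"sub": subject, "aud": random_id, "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True)
    return {"body": body, "sig": _sign(body.encode())}

def build_access_message(assertion: dict, random_id: str) -> dict:
    """Principal: sends the assertion plus the same random identifier."""
    return {"assertion": assertion, "random_id": random_id}

def target_accepts(message: dict, now=None) -> bool:
    """Target service: check signature and expiry, then the identifier match."""
    now = time.time() if now is None else now
    assertion = message["assertion"]
    body = assertion["body"].encode()
    if not hmac.compare_digest(_sign(body).encode(), str(assertion["sig"]).encode()):
        return False  # assertion was not issued by the identity service
    claims = json.loads(body)
    if claims["exp"] <= now:
        return False  # one of the "other credentials" checks: expiry
    # Constant-time comparison of the message identifier with the asserted one.
    return hmac.compare_digest(str(claims["aud"]).encode(),
                               str(message["random_id"]).encode())

if __name__ == "__main__":
    rid = new_random_identifier()
    msg = build_access_message(issue_assertion("alice", rid), rid)
    print("matching identifier:", target_accepts(msg))
    msg["random_id"] = new_random_identifier()
    print("different identifier:", target_accepts(msg))
```

The identity service only ever handles the opaque identifier, so the assertion it issues carries no name for the target service.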