
MSL Networks

Justin Ryan edited this page Aug 30, 2015 · 4 revisions

There are two types of MSL networks: trusted services and peer-to-peer.

Trusted Services

The use of a single master token for all MSL transactions creates a network of trust between the master token entity and all services capable of accepting the master token. Once a master token has been issued, its associated session keys are used by all entities to encrypt and authenticate messages. This is done as an optimization: entity authentication may be more computationally expensive, or may not itself provide encryption or authentication.

The resulting MSL network is one in which any participating entity can communicate with any other participating entity by using the master token. Said another way, the use of a master token means that all messages appear to originate from the master token entity, regardless of the actual entity creating and sending the message. To prevent unintended forwarding of messages, the sending entity includes its own identity in the messages it creates when using a master token. All services in the MSL network are assumed to be implicitly trusted, but the master token entity does not have to be trusted.

All services should use the same secret keys to protect issued master tokens and user ID tokens. Services may choose to share among themselves some of the secret keys used to protect issued service tokens. The master token entity should not have access to any of these keys.

The master token entity must be either the sender or receiver of any messages. Otherwise it would be possible for the master token and its session keys to be renewed without the master token entity’s knowledge.
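A constructed illustration of the two rules above (sender identity inside the message, and the master token entity as sender or receiver), added here and not code from the MSL project: the `MasterToken` class, message layout and function names are hypothetical, and the session key is a placeholder value.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed, simplified model of the trusted-services rules above; it is not
# MSL's real wire format or API. A master token binds the master token entity's
# identity to a session HMAC key that every trusted service holds.
@dataclass(frozen=True)
class MasterToken:
    identity: str    # the master token entity, e.g. a client device
    hmac_key: bytes  # session key all services use to authenticate messages


def create_message(token: MasterToken, sender: str, recipient: str, payload: str) -> dict:
    """Protect a message with the master token's session key.

    Because every message is authenticated with the same session key, it would
    otherwise look as if it came from the master token entity; the actual
    sender therefore names itself, and the MAC covers that claim.
    """
    body = json.dumps(
        {"sender": sender, "recipient": recipient, "payload": payload},
        sort_keys=True,
    )
    mac = hmac.new(token.hmac_key, body.encode(), hashlib.sha256).hexdigest()
    return {"mastertoken": token.identity, "body": body, "mac": mac}


def verify_message(token: MasterToken, me: str, msg: dict) -> Optional[Tuple[str, str]]:
    """Return (sender, payload) if the message is acceptable at `me`, else None."""
    expected = hmac.new(token.hmac_key, msg["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["mac"]):
        return None  # not created with the master token's session key
    body = json.loads(msg["body"])
    if body["recipient"] != me:
        return None  # authentic, but forwarded to a service it was not meant for
    if token.identity not in (body["sender"], me):
        return None  # master token entity must be the sender or the receiver
    return body["sender"], body["payload"]


if __name__ == "__main__":
    token = MasterToken("device-123", b"constructed-session-key")
    msg = create_message(token, "device-123", "service-a", "hello")
    print(verify_message(token, "service-a", msg))  # ('device-123', 'hello')
    print(verify_message(token, "service-b", msg))  # None: forwarded
```

A service-to-service message that involves the master token entity as neither sender nor receiver is rejected by the last check, which is the situation in which session keys could otherwise be renewed without that entity's knowledge.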

Peer-to-Peer

A special case of MSL network arises when establishing a peer-to-peer trust relationship. In this case, each of the two participants issues a master token identifying its peer, and messages carry a primary master token and a peer master token. Neither participant is implicitly trusted by the other; the ability to create messages using the keys associated with the peer master token provides proof of entity identity.

Each entity should use secret keys to protect issued master tokens, user ID tokens, and service tokens. These keys should not be shared.

Multiple Network Participation

A single entity may simultaneously participate in multiple MSL networks. Different entity and user identities are likely to be used with different networks, with different secret keys and separately managed token and session key states.
