opaque-token-based-authentication-pattern
Installation
SKILL.md
Opaque Token-Based Authentication Security Pattern
A subject is authenticated based on a unique, opaque token provided with action requests. The system maintains a mapping of valid tokens to principals. Token secrecy is crucial as it's the sole proof of identity.
Core Components
| Role | Type | Responsibility |
|---|---|---|
| Subject | Entity | Provides token with action requests |
| Enforcer | Enforcement Point | Ensures token verification before processing |
| Verifier | Decision Point | Validates token and retrieves principal |
| Principal Provider | Entity | Maintains token-to-principal mapping |
| Registrar | Entity | Issues tokens after initial authentication |
| Token Generator | Cryptographic Primitive | Generates secure random tokens |