Used to identify the user after starting a session. Contains the user application id and the expiration date.
Group of webheads and storage devices that make up a set of Service Nodes.
An integer that may be included in an identity certificate. The issuing server increases this value whenever the user changes their password. By rejecting assertions with a generation number lower than the previously-seen maximum for that user, the Login Server can reject assertions generated using an old password.
An HTTP authentication method using a message authentication code (MAC) algorithm to provide cryptographic verification of portions of HTTP requests.
HMAC-based Key Derivation Function, a method for deriving multiple secret keys from a single master secret.
Used to authenticate user, returns tokens that can be used to authenticate to our services.
A secret shared between Login Server and Service Node. Never used directly, only for deriving other secrets.
An URL that identifies a service, like http://phx345
A service that can attribute to a user a node.
A service Mozilla provides, like Sync.
a server that contains the service, and can be mapped to several Nodes (URLs)
Derived from the master secret, used to sign the auth token.
Derived from the master secret and auth token, used as secret. This is the only secret shared with the client and is different for each auth token.
A database that keeps the user/node relation
The original code name for the Firefox Sync service and project.