Patent attributes
Implementations are provided herein for a token to be generated on one node within the cluster of nodes, and then used on any of the nodes to authenticate future client requests that include the token. The basis of the token can be a set of name value pairs that include discriminative information related to the client's user name, access zones, token timestamp, etc. An additional name-value pair or set of pairs can included encryption salt for additional security. The set of name value pairs can then be encrypted, in one implementation, using Advanced Encryption Standard (“AES”) 256 bit key. Each node among the cluster of nodes can have access to the current encryption key. Thus, a single key, or in some implementations, past keys that are still valid, can be used to decrypt received tokens by any node among the cluster of nodes. Once decrypted, the name-value pairs of the decrypted token can be validated. The serialized name-value pairs in the token permit the system to quickly identify and authorize access to the cluster to the token holder. Thus, it can be appreciated that a persistent store of all previously authenticated tokens does not need to be maintained. It can also be appreciated that the process of decrypting and validating the token against can decrease computational costs associated with extensive table lookups.
