<> <> DIRECTORY AuthenticationP14V2 USING [CallProblem, Credentials, CredentialsType, HashedPassword, Key, Problem, Verifier, Which], BasicTime USING [GMT], CHNameP2V0 USING [Name], Rope USING [ROPE], XNS USING [Host] ; XNSAuth: CEDAR DEFINITIONS ~ { OPEN Auth: AuthenticationP14V2, CHName: CHNameP2V0; <> <> <> ROPE: TYPE ~ Rope.ROPE; GMT: TYPE ~ BasicTime.GMT; Name: TYPE ~ CHName.Name; HostNumber: TYPE ~ XNS.Host; CredentialsType: TYPE ~ Auth.CredentialsType; Credentials: TYPE ~ Auth.Credentials; Verifier: TYPE ~ Auth.Verifier; HashedPassword: TYPE ~ Auth.HashedPassword; Key: TYPE ~ Auth.Key; <> <> <<>> <> AuthenticationError: VAR ERROR [problem: Auth.Problem]; <<_ Auth.AuthenticationError;>> Problem: TYPE ~ Auth.Problem; CallError: VAR ERROR[problem: Auth.CallProblem, whichArg: Auth.Which]; <<_ Auth.CallError;>> CallProblem: TYPE ~ Auth.CallProblem; Which: TYPE ~ Auth.Which; <> < pair and some cached information. You need an identity to initiate a conversation with a server. The correct way to get an identity for the currently logged in Cedar user is to call UserCredentials.GetIdentity  this returns a single identity that is shared among all clients (and so is guaranteed to have a big cache of initiator credentials as described below) and is guaranteed to be destroyed on rollback. For other uses  e.g. Cedar-based servers  identities can be created and destroyed with the following procedures.>> Identity: TYPE ~ REF; MakeIdentity: PROC[name: Name, password: ROPE, credentialsType: CredentialsType _ strong, check: BOOL _ TRUE] RETURNS [identity: Identity]; MakeStrongIdentityUsingKey: PROC[name: Name, key: Key, check: BOOL _ TRUE] RETURNS [identity: Identity]; <> <> <> DestroyIdentity: PROC [identity: Identity]; <> <> GetNullIdentity: PROC RETURNS [identity: Identity]; <> <> <> Conversation: TYPE ~ REF; defaultCredentialsLifetime: CARD ~ (120*60); Initiate: PROC [identity: Identity, recipientName: Name, seconds: CARD _ defaultCredentialsLifetime] RETURNS [conversation: Conversation]; <> <> Refresh: PROC [conversation: Conversation, seconds: CARD _ defaultCredentialsLifetime]; <> <> Terminate: PROC [conversation: Conversation]; <> <> GetCredentials: PROC [conversation: Conversation] RETURNS [credentials: Credentials]; <> <> SetRecipientHostNumber: PROC [conversation: Conversation, recipientHostNumber: HostNumber]; <> <> GetNextVerifier: PROC [conversation: Conversation] RETURNS [verifier: Verifier]; <> ReplyVerifierChecks: PROC [conversation: Conversation, verifier: Verifier] RETURNS [ok: BOOL]; <> <> Authenticate: PROC [myIdentity: Identity, hisCredentials: Credentials, hisVerifier: Verifier, allowSimpleCredentials: BOOL _ FALSE, useExpiredCredentials: BOOL _ FALSE] RETURNS [hisName: Name]; <> <> AuthenticateAndReply: PROC [myIdentity: Identity, hisCredentials: Credentials, hisVerifier: Verifier, useExpiredCredentials: BOOL _ FALSE] RETURNS [hisName: Name, replyVerifier: Verifier]; <> <> <> <> <> CreateStrongKey: PROC [myIdentity: Identity, name: Name, newKey: Key]; DeleteStrongKey: PROC [myIdentity: Identity, name: Name]; CreateSimpleKey: PROC [myIdentity: Identity, name: Name, newKey: HashedPassword]; DeleteSimpleKey: PROC [myIdentity: Identity, name: Name]; ChangeMyPasswords: PROC [myIdentity: Identity, newPassword: ROPE, changeStrong: BOOL _ TRUE, changeSimple: BOOL _ TRUE]; ChangeMyStrongKey: PROC [myIdentity: Identity, newKey: Key]; ChangeMySimpleKey: PROC [myIdentity: Identity, newKey: HashedPassword]; <> <> <<>> StrongKeyFromPassword: PROC [password: ROPE] RETURNS [key: Key]; SimpleKeyFromPassword: PROC [password: ROPE] RETURNS [HashedPassword]; GetCredentialsType: PROC [credentials: Credentials] RETURNS [CredentialsType]; GetConversationDetails: PROC [conversation: Conversation] RETURNS [ recipientName: Name, recipientHostNumber: HostNumber, credentials: Credentials, conversationKey: Key, owner: Identity]; GetIdentityDetails: PROC [identity: Identity] RETURNS [ name: Name, password: ROPE, credentialsType: CredentialsType]; GetCredentialsDetails: PROC [myKey: Key, hisCredentials: Credentials] RETURNS [ ok: BOOL, credentialsType: CredentialsType, conversationKey: Key, expirationTime: GMT, hisName: Name]; <> }.