Getting Authentication Information to CarRentalInc by an Unsolicited Response
Diagram: John Doe, AirlineInc.com and CarRentalInc.com, with the link "Need a car? Click here".
1. https://www.AirlineInc.com/?TARGET=https://www.CarRentalInc.com
2. HTML form that is filled in with an encoded Response.
3. Clicking the form's Submit button results in POSTing the Response to https://www.CarRentalInc.com
John Doe clicks on the link. It takes him back to the airline service, which constructs a Response message and embeds it (encoded) within an HTML form. The airline service responds with this HTML form. When John Doe clicks on the form's Submit button, the Response is sent (POSTed) to the car rental service. Thus the car rental service has John Doe "knocking on its door, with authentication papers in hand".
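The three steps above, traced end to end as an added example (not code from the original slides). Assumptions: the Response is base64-encoded, the hidden form field is named "Response", and the airline service keeps an allowlist of partner TARGETs; the function names and the sample Response are constructed for illustration.

```python
import base64
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Assumption: partner sites the airline service is willing to POST a Response to.
ALLOWED_TARGETS = {"https://www.CarRentalInc.com"}

def build_post_form(request_url: str, response_xml: str) -> str:
    """Airline side (steps 1-2): return the HTML form carrying the encoded Response."""
    target = parse_qs(urlsplit(request_url).query).get("TARGET", [""])[0]
    if target not in ALLOWED_TARGETS:  # never hand a Response to an arbitrary TARGET
        raise ValueError("TARGET is not a known partner")
    # Assumption: "encoded" means base64; the field name "Response" is hypothetical.
    encoded = base64.b64encode(response_xml.encode()).decode()
    action = html.escape(target, quote=True)
    return (
        f'<form method="post" action="{action}">'
        f'<input type="hidden" name="Response" value="{encoded}">'
        '<input type="submit" value="Submit"></form>'
    )

class _FormReader(HTMLParser):
    """Collects the form action and hidden fields, as a browser would on Submit."""
    def __init__(self):
        super().__init__()
        self.action, self.fields = None, {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.action = a.get("action")
        elif tag == "input" and a.get("type") == "hidden":
            self.fields[a["name"]] = a["value"]

def submit_form(form_html: str):
    """Browser side (step 3): return (POST URL, POSTed fields)."""
    reader = _FormReader()
    reader.feed(form_html)
    return reader.action, reader.fields

def receive_response(fields: dict) -> str:
    """Car rental side: decode the Response; validation of it would follow here."""
    return base64.b64decode(fields["Response"], validate=True).decode()

# Constructed sample input, not taken from the slides.
SAMPLE_URL = "https://www.AirlineInc.com/?TARGET=https://www.CarRentalInc.com"
SAMPLE_RESPONSE = "<Response><Subject>John Doe</Subject></Response>"
```

Because the car rental service never asked for this Response, it has no request of its own to match it against; it has to judge the Response on its contents alone.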