Overview#
The purpose of By-reference is to swap the original message with surrogate data. The By-reference value is often a Meaningless But Unique Number or a Universally Unique Identifier, and the "real" data can ONLY be found within a "protected" Data Store.
The surrogate data can be resolved back to the original message later, but typically only by the original system that created the reference.
By-reference is in contrast to by-value.
By-reference does not contain anything that is related to the original data and is therefore considered secure, other than against a Replay attack.
A CSRF Token included in a Transport-layer Security Mechanism session SHOULD prevent any replay attack.
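The following sketch is an added example, not code from any project this page describes. It shows a protected Data Store that swaps a message for a random By-reference value and resolves it back. The names `ReferenceStore`, `issue`, `resolve` and `demo` are hypothetical, and the session binding, expiry and single-use rules are assumed replay mitigations rather than something this page specifies.

```python
import secrets
import time


class ReferenceStore:
    """Protected Data Store: the only place a reference maps to real data."""

    def __init__(self, ttl_seconds=300):
        self._ttl = ttl_seconds
        self._records = {}  # reference -> (original, session_id, expires_at)

    def issue(self, original, session_id, now=None):
        """Swap the original message for a random surrogate."""
        now = time.time() if now is None else now
        # Random value, not derived from `original`, so it reveals nothing.
        reference = secrets.token_urlsafe(32)
        self._records[reference] = (original, session_id, now + self._ttl)
        return reference

    def resolve(self, reference, session_id, now=None):
        """Return the original once, to the issuing session, before expiry."""
        now = time.time() if now is None else now
        record = self._records.get(reference)
        if record is None:
            return None  # unknown or already used reference
        original, bound_session, expires_at = record
        if now > expires_at:
            del self._records[reference]
            return None  # expired
        if not secrets.compare_digest(bound_session, session_id):
            return None  # presented from a different session
        del self._records[reference]  # single use: a replay finds nothing
        return original


def demo():
    store = ReferenceStore(ttl_seconds=60)
    card = "4111111111111111"  # constructed sample value
    ref = store.issue(card, session_id="session-A", now=1000.0)
    return {
        "leaks_original": card in ref,
        "wrong_session": store.resolve(ref, "session-B", now=1010.0),
        "first_use": store.resolve(ref, "session-A", now=1010.0),
        "replay": store.resolve(ref, "session-A", now=1011.0),
    }


if __name__ == "__main__":
    print(demo())
```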
More Information#
There might be more information for this subject on one of the following:
- Authorization Request
- By-value
- Claim
- Data type
- EMVCo Tokenization
- Host Card Emulation
- Hyperlinks
- Identity Document
- JSON Web Tokens
- Meaningless But Unique Number
- OAuth 2.0 JWT Secured Authorization Request
- OAuth Dynamic Client Registration Metadata
- Opaque token
- Phantom Token Flow
- Primitive data type
- Pseudonym
- Reference
- Reference data type
- Request_object_encryption_alg_values_supported
- Request_object_encryption_enc_values_supported
- Request_uri
- SessionData
- Token
- Tokenization
- Variable