Overview#

The purpose of By-reference is to swap the original message with surrogate data.

By-reference is often Meaningless But Unique Number or a Universally Unique Identifier that the "Real" data can ONLY be found within a "protected" Data Store

The surrogate data could be referenced to the original message later but typically only by the original system in which created the original reference.

By-reference is in contrast to by-value

By-reference does not contain anything that is related to the original data and therefore, other than Replay attack is considered secure.

A CSRF Token included in a Transport-layer Security Mechanism session SHOULD prevent any replay attack

More Information#

There might be more information for this subject on one of the following:

• Authorization Request
• By-value
• Claim
• Data type
• EMVCo Tokenization
• Host Card Emulation
• Hyperlinks
• Identity Document
• JSON Web Tokens
• Meaningless But Unique Number
• OAuth 2.0 JWT Secured Authorization Request
• OAuth Dynamic Client Registration Metadata
• Opaque token
• Phantom Token Flow
• Primitive data type
• Pseudonym
• Reference
• Reference data type
• Request_object_encryption_alg_values_supported
• Request_object_encryption_enc_values_supported
• Request_uri
• SessionData
• Token
• Tokenization
• Variable