I am writing a web service that acts as a proxy to many other services, and for each of these services I need to pass along the user's password for that particular service.
I'd like to keep the password encryption details out of the main part of the service and let the client deal with another specialized part of the service (let's call it the "encryption service" for now) in order to obtain a password token beforehand. The client and server agree on an encryption method, the client uploads the password to the encryption service, and the service returns an ID that can used with the main service when specifying the value of passwords, etc.
The main service has knowledge of the all passwords uploaded to the encryption service for the duration of the session. It has no knowledge and doesn't care what encryption method was used.
My question is: what terminology should I be using here? There must be some system in existence that does something similar. I am trying to determine how I should name the following parts of the system:
- The encryption service that interns an uploaded string and returns an ID for it.
- The ID that is returned. (Password token?)
I'd like to stay away from the term "password" as it is too specific; this functionality can be used for general parameters that need to be encrypted that are not necessarily passwords.