shibboleth-dev - RE: resolvertest
Subject: Shibboleth Developers
List archive
- From: Scott Cantor <>
- To: 'RL 'Bob' Morgan' <>
- Cc: 'Shibboleth Dev Team' <>
- Subject: RE: resolvertest
- Date: Wed, 18 Feb 2004 11:59:15 -0500
- Importance: Normal
- Organization: The Ohio State University
> Eh? I thought the whole point of the targetedID implementation was that
> the per-target ID could be computed deterministically as f(user, target),
> hence no storage needed.
Except that it's not that simple (the salt value has to be part of the hash,
which locks you to that salt value forever). I had to salt it for privacy
reasons, but if you generate them randomly and store them in a database,
it's about as easy to deploy and much more maintainable long term. Plus you
can change the values periodically once we have the NameIdentifier
registration stuff, etc.
I thought the hash was a way of getting something out there people (and
vendors) could play with quickly, but I don't think I'd run it here that
way. Since we don't ship things with a database currently, that wasn't a
good option.
-- Scott
- resolvertest, Mark Earnest, 02/18/2004
- RE: resolvertest, Scott Cantor, 02/18/2004
- RE: resolvertest, RL 'Bob' Morgan, 02/18/2004
- RE: resolvertest, Scott Cantor, 02/18/2004
- Re: resolvertest, Mark Earnest, 02/18/2004
- RE: resolvertest, Scott Cantor, 02/18/2004
- RE: resolvertest, Mark Allen Earnest, 02/18/2004
- RE: resolvertest, Scott Cantor, 02/18/2004
- RE: resolvertest, Mark Allen Earnest, 02/18/2004
- RE: resolvertest, Scott Cantor, 02/18/2004
- Re: resolvertest, Walter Hoehn, 02/18/2004
- RE: resolvertest, Mark Allen Earnest, 02/18/2004
- RE: resolvertest, Scott Cantor, 02/18/2004
- RE: resolvertest, Mark Allen Earnest, 02/18/2004
- RE: resolvertest, Scott Cantor, 02/18/2004
- RE: resolvertest, RL 'Bob' Morgan, 02/18/2004
- RE: resolvertest, Scott Cantor, 02/18/2004
Archive powered by MHonArc 2.6.16.