Shibboleth Developers

[Jim Fox <>]

> > Seems to me that this credential is nothing but a validation that
> > the other information comes >> from the same user as used the site
> > before.  I suggest that a 128 bit hash of the public key ought
> > to be enough information.  It's an identifier and nothing more.
>
> I don't think there's any reason to reduce the amount of information
> provided when it's easier to provide the actual key. You're starting (I
> think) with a KeyInfo that the C++ code already knows how to turn into DER.
> Giving it something else is more work, not less.

If I get KeyInfo that is a cert (as from DigitalMe) then I can
indeed turn that into DER and send it to the environment.  If,
however, all I get is a public key (as from CardSpace) then I
can't turn it into a cert, as the cert is a signed thing and I have
nothing to sign it with, and I therefore cannot turn it into DER.
All I have are two numbers.  (I could base64 encode them.)

Jim