Skip to Content.
Sympa Menu

shibboleth-dev - RE: [Shib-Dev] how to deliver personal infocard keyinfo to app?

Subject: Shibboleth Developers

List archive

RE: [Shib-Dev] how to deliver personal infocard keyinfo to app?


Chronological Thread 
  • From: Jim Fox <>
  • To: Scott Cantor <>
  • Cc:
  • Subject: RE: [Shib-Dev] how to deliver personal infocard keyinfo to app?
  • Date: Sun, 10 Aug 2008 21:16:50 -0700 (PDT)


My inclination is to drop the public key - hash and all.
If the PPID is important to the service, then the service
can protect it.

How? The key is the only protection. The service can't protect it in any
other way.

My goal was to provide the key in a simple format and leave it at that. I
still think that's possible, but it will require some openssl functions to
pull off. It's not hard, but I don't object to avoiding linkage to openssl
either.


My thinking is that the PPID has the security of a big random number,
which cannot be guessed. It can only be compromised if the application
gives it away. It can be protected by keeping it secret.

How about a base64 of an sha1 of the modulus? That's a mathematical thing. All languages ought to do it about the same.

Jim



Archive powered by MHonArc 2.6.16.

Top of Page