Shibboleth Developers

["Scott Cantor" <>]

> My thinking is that the PPID has the security of a big random number,
> which cannot be guessed.   It can only be compromised if the application
> gives it away.  It can be protected by keeping it secret.

I suppose, but nothing prevents anything from asserting that PPID if it is
known, so I don't see why I'd trust such a system.

> How about a base64 of an sha1 of the modulus?  That's a mathematical
> thing.  All languages ought to do it about the same.

I don't know enough about the RSA algorithm, but I was under the impression
only the two numbers were unique, not just the modulus. That's why I was
trying for a known key format, rather than trying to invent some way to hash
multiple numbers and accidentally screw it up.

- Scott