Sorry for a slow response. This week is especially busy for me...

I borrowed the notion from Austrian Citizen ID system.
In there, the services are divided into "sectors."
A sector may span several agencies.
They call ID as PIN (Personal Identification Number).

There is a secret PIN (sPIN) which is not used anywhere but in their SmartCard.
Then, sector sepcific PIN (ssPIN) is calculated in the manner of :

SHA1(sPIN + SectorID)

(Note, there is a bit more details but...)

I have thrown OP secret into it.
To avoid the analytic attack, I agree that it is better to use
individual secret, as some of you
points out.

Regards,

=nat

On Tue, May 12, 2009 at 5:55 PM, Dick Hardt <dick.ha...@gmail.com> wrote:
>
> On 12-May-09, at 1:36 AM, Nat Sakimura wrote:
>>
>> Reason for using RP's Subject in XRD instead of simply using realm is
>> to allow for something like group identifier.
>
> would you elaborate on the group identifier concept?
>
>>
>>
>> This is just one idea. Downside of this approach
>> is that we need to set up a WG.
>>
>> I am sure there are more ideas. It might be possible to utilize AX
>> so that it will only be a profile that does not require a WG.
>>
>> So shall we start discussing which direction we want to go forward?
>
> sure!
>



-- 
Nat Sakimura (=nat)
http://www.sakimura.org/en/
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

Reply via email to