Sorry for the slow response. This week is especially busy for me...

I borrowed the notion from the Austrian Citizen ID system. There, the services are divided into "sectors." A sector may span several agencies. They call the ID a PIN (Personal Identification Number).

There is a secret PIN (sPIN) which is not used anywhere but in their SmartCard. Then, the sector specific PIN (ssPIN) is calculated in the manner of:

SHA1(sPIN + SectorID)

(Note, there are a few more details but...)

I have thrown the OP secret into it. To avoid the analytic attack, I agree that it is better to use an individual secret, as some of you point out.

Regards,

=nat

On Tue, May 12, 2009 at 5:55 PM, Dick Hardt <dick.ha...@gmail.com> wrote:
>
> On 12-May-09, at 1:36 AM, Nat Sakimura wrote:
>>
>> Reason for using RP's Subject in XRD instead of simply using realm is
>> to allow for something like group identifier.
>
> would you elaborate on the group identifier concept?
>
>>
>>
>> This is just one idea. Downside of this approach
>> is that we need to set up a WG.
>>
>> I am sure there are more ideas. It might be possible to utilize AX
>> so that it will only be a profile that does not require a WG.
>>
>> So shall we start discussing which direction we want to go forward?
>
> sure!
>

--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
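The sector-specific identifier calculation described in the message above, sketched as an added example that is not part of the original thread or of any OpenID or Austrian specification. The `Provider` class, the sector names, the sample sPIN and the length-prefixed input encoding are all assumptions made for illustration; only the SHA1(sPIN + SectorID) shape and the choice between an OP-wide and an individual secret come from the message.

```python
import hashlib
import secrets


def _field(value: bytes) -> bytes:
    # Length-prefix each input so ("ab", "c") and ("a", "bc") hash differently.
    return len(value).to_bytes(4, "big") + value


def sector_pin(spin: bytes, sector_id: str, secret: bytes) -> str:
    """SHA1 over secret, sPIN and SectorID (encoding is an assumption)."""
    h = hashlib.sha1()
    for part in (secret, spin, sector_id.encode("utf-8")):
        h.update(_field(part))
    return h.hexdigest()


class Provider:
    """Hypothetical OP that gives each sector its own identifier for a user."""

    def __init__(self, per_user_secret: bool):
        self.per_user_secret = per_user_secret
        self.op_secret = secrets.token_bytes(32)   # one secret for all users
        self.user_secrets = {}                     # sPIN -> individual secret

    def _secret_for(self, spin: bytes) -> bytes:
        if not self.per_user_secret:
            return self.op_secret
        # Individual secret: created on first use, then reused for that user.
        return self.user_secrets.setdefault(spin, secrets.token_bytes(32))

    def identifier(self, spin: bytes, sector_id: str) -> str:
        return sector_pin(spin, sector_id, self._secret_for(spin))


def demo():
    op = Provider(per_user_secret=True)
    user = b"constructed-sPIN-0001"                # constructed sample value
    tax_a = op.identifier(user, "sector:tax")      # agency A in the tax sector
    tax_b = op.identifier(user, "sector:tax")      # agency B, same sector
    health = op.identifier(user, "sector:health")  # a different sector
    return tax_a, tax_b, health
```

Agencies in one sector receive the same identifier for a user, while two sectors receive values that cannot be matched against each other without the secret.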