[higgins-dev] Problem with current scheme for IContext.open(AuthNSelfIssuedMaterials)

One thing I had not fully realized until yesterday was that the current 
implementation depends on the (ppid+modulus+exponent) from a specific 
self-issued (SI) credential (token from personal card) being used only once. If 
one wants to create multiple entries/contexts and associate them with the 
same self-issued credential, the current scheme will not work. It should 
be noted that it is possible to associate multiple self-issued credentials 
with a single entry/context since the cardKeyHash is a multi-valued 
attribute.

The reason for the limitation is that we are using the personal card as 
the key into the entry behind a managed card, and not using any identifier 
from the managed card itself in the key.

I'd like to discuss the feasibility of changing the scheme to include 
(Managed Card ID+SI PPID+SI Modulus+SI Exponent) in the cardKeyHash 
computation. This would enable one personal card to be associated with 
multiple managed cards.

Thanks,
Mike
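
The limitation and the proposed change described in the message above, modelled as an added example that is not part of the original post and is not Higgins code. The hash function (SHA-256), the length-prefixed field encoding, the `ContextStore` class and all sample values are assumptions made for illustration; the post does not say how cardKeyHash is actually computed.

```python
import hashlib
from typing import Optional

def _lp(field: bytes) -> bytes:
    # Length-prefix each field so boundaries cannot shift between fields.
    return len(field).to_bytes(4, "big") + field

def card_key_hash(ppid: bytes, modulus: bytes, exponent: bytes,
                  managed_card_id: Optional[bytes] = None) -> str:
    """Hypothetical cardKeyHash: SI fields only, or with the managed card ID."""
    fields = [ppid, modulus, exponent]
    if managed_card_id is not None:
        fields.insert(0, managed_card_id)
    return hashlib.sha256(b"".join(_lp(f) for f in fields)).hexdigest()

class ContextStore:
    """Toy index: each cardKeyHash value must identify exactly one entry."""
    def __init__(self, include_card_id: bool):
        self.include_card_id = include_card_id
        self.index = {}  # cardKeyHash -> entry name

    def _key(self, card_id: bytes, si: tuple) -> str:
        return card_key_hash(*si, managed_card_id=card_id if self.include_card_id else None)

    def associate(self, entry: str, card_id: bytes, si: tuple) -> None:
        owner = self.index.setdefault(self._key(card_id, si), entry)
        if owner != entry:
            raise ValueError(f"cardKeyHash already identifies {owner!r}")

    def open(self, card_id: bytes, si: tuple) -> str:
        return self.index[self._key(card_id, si)]

# Constructed sample SI credentials: (ppid, modulus, exponent).
SI_A = (b"ppid-A", bytes.fromhex("c0ffee" * 4), b"\x01\x00\x01")
SI_B = (b"ppid-B", bytes.fromhex("decade" * 4), b"\x01\x00\x01")

def demo():
    current = ContextStore(include_card_id=False)
    current.associate("entry-1", b"urn:card:1", SI_A)
    current.associate("entry-1", b"urn:card:1", SI_B)  # multi-valued: allowed
    try:
        current.associate("entry-2", b"urn:card:2", SI_A)  # same SI, second entry
        reuse_ok = True
    except ValueError:
        reuse_ok = False
    proposed = ContextStore(include_card_id=True)
    proposed.associate("entry-1", b"urn:card:1", SI_A)
    proposed.associate("entry-2", b"urn:card:2", SI_A)
    return reuse_ok, proposed.open(b"urn:card:1", SI_A), proposed.open(b"urn:card:2", SI_A)
```

With the SI-only key the second association collides with the first entry; with the managed card ID in the hash, the same personal card resolves to a distinct entry per managed card.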

