

Subject: RE: [imi] Hopefully last change to the IMI spec before producing a Committee Draft


Actually, the per-user information can even be public information provided that it’s different for different users and *a secret value* is included as an input to the computation.  For instance, if the computation was the following:

    PPID = CryptographicHash(ClientPseudonym + PerUserInfo + Secret);

even if the secret was the same for all users, provided it was known only to the IdP and never disclosed, the PPID would still have all the security properties we want it to have.

 

                                                                -- Mike

 

From: John Bradley [mailto:jbradley@mac.com]
Sent: Wednesday, February 18, 2009 7:18 PM
To: Michael McIntosh
Cc: Anthony Nadalin; imi@lists.oasis-open.org; Mike Jones
Subject: Re: [imi] Hopefully last change to the IMI spec before producing a Committee Draft

 

Yes, not disclosed to RPs, Cardholders or anyone else.

 

The question is how much detail we need in the spec itself for a SHOULD.

 

As long as the spec is clear I am OK with the long form of the explanation of this being in the accompanying document.

 

John B.

 

On 18-Feb-09, at 11:07 PM, Michael McIntosh wrote:



John Bradley <jbradley@mac.com> wrote on 02/18/2009 08:51:08 PM:

> The important points are that it is card specific entropy stored by
> the IdP and never disclosed to RPs in any way.


Actually, this entropy needs to be treated as a secret and it should be [pseudo]random. The danger is not from RPs but from other cardholders from the same IdP.

Regards,
Mike
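
Added example, not part of the original thread or of the IMI spec: a sketch of the PPID computation discussed above, comparing a derivation with no secret input against one that includes an IdP-held secret. The function names, the sample identifiers, the length-prefixed encoding and the choice of HMAC-SHA256 as the keyed hash are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

def _encode(*fields: bytes) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)

def ppid_unkeyed(client_pseudonym: bytes, per_user_info: bytes) -> str:
    # No secret input: anyone who knows both values can recompute the PPID.
    return hashlib.sha256(_encode(client_pseudonym, per_user_info)).hexdigest()

def ppid_keyed(client_pseudonym: bytes, per_user_info: bytes, secret: bytes) -> str:
    # A secret held only by the IdP is an input (HMAC-SHA256 is this example's choice).
    msg = _encode(client_pseudonym, per_user_info)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def derivable_from_public_inputs(observed: str, client_pseudonym: bytes,
                                 per_user_info: bytes) -> bool:
    # True if a party without the IdP secret can reproduce the observed PPID.
    candidate = ppid_unkeyed(client_pseudonym, per_user_info)
    return hmac.compare_digest(candidate, observed)

def demo() -> dict:
    idp_secret = secrets.token_bytes(32)          # one [pseudo]random secret for all users
    pseudonym = b"constructed-client-pseudonym"   # constructed sample value
    alice, bob = b"alice@idp.example", b"bob@idp.example"  # constructed public per-user info
    weak = ppid_unkeyed(pseudonym, alice)
    strong = ppid_keyed(pseudonym, alice, idp_secret)
    return {
        # Without a secret, the PPID follows from public inputs alone.
        "weak_reproducible": derivable_from_public_inputs(weak, pseudonym, alice),
        # With the secret, the same public inputs are not enough.
        "strong_reproducible": derivable_from_public_inputs(strong, pseudonym, alice),
        # One shared secret still yields distinct PPIDs for distinct users.
        "users_differ": strong != ppid_keyed(pseudonym, bob, idp_secret),
        # The IdP can recompute the same PPID on every request.
        "stable": strong == ppid_keyed(pseudonym, alice, idp_secret),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```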

 


