OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: URI security problems

> It is true that hashing the entire name assertion would make 
> binding even stronger
> but it looks like overkill to me.  Why bother to sign the 
> name assertion in the first
> place if you can't trust such a in basic cryptographic operation?
Hi Anders,
In my opinion, a linkage scheme based on hashing the object to generate
its ID is better, because it imposes fewer requirements on issuers and
makes the scheme more robust. You can't accidently reuse your own or
elses ID, unless the hash has collided. It also serves as an additional
on the integrity of the linkage (incase you have accidently trusted a "bad"
generating IDs that are being used by another issuer). The latter may be
important if
you have many trust relationships.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC