1. OpenID Foundation Avatar OpenID Foundation
  2. WGs
  3. connect
  4. Issues

Messages 2.1.1.1.1 - Pairwise Identifier Algorithm not reversible

Issue #518 resolved
Michael Jones created an issue

Yaron Goland writes: "The suggested pairwise unique ID isn't reversible. That seems like kind of a pain. Wouldn't encryption be easier? I fully recognize that one can implement anything one damn well pleases but it just seems odd to push people in this direction. If we are anyway going to provide non-reversible identifiers then why bother with the SHA256 hash at all? Why not just use a GUID? This skips the complexity of the sector_identifier altogether."

Comments (7)

  1. John Bradley

    I used the hash as a simple example. Using encryption is more complicated to explain, but IdP are free to do it. Many of them do it now for openID 2.0. We have info card to thank for the hash. The sector identifier allows for people to move there protocol endpoint without destroying all of there users accounts. A real problem with info-card and openID 2.0. In some cases you have a related group of sites that need to have the same user_id across domain names.

  2. Michael Jones reporter

    We could add a statement that the IdP can use any algorithm it wants provided it isn't reversible by the RP. We could also add another example that encryption could be used, rather than a hash.

  3. Michael Jones reporter

    I propose to add this sentence after the first sentence: "The user_id MUST NOT be reversible by any party other than the OpenID Provider."

    I also propose to change this example text:

    A number of algorithms MAY be used by Providers to calculate the pairwise identifier. This specification includes a simple example.

    For instance, the Sector Identifier can be concatenated with a local account ID and a salt value that is kept secret by the Provider. The concatenated string is then hashed by an appropriate algorithm.

    Calculate user_id = SHA256 ( sector_identifier | local_account_id | salt ).

    to this:

    A number of algorithms MAY be used by Providers to calculate the pairwise identifier. This specification includes two simple examples.

    For instance, the Sector Identifier can be concatenated with a local account ID and a salt value that is kept secret by the OP. The concatenated string is then hashed by an appropriate algorithm.

    Calculate user_id = SHA256 ( sector_identifier | local_account_id | salt ).

    Another possibility is to encrypt the Sector Identifier and local account ID using a key known only to the OP.

    Calculate user_id = AES-GCM ( sector_identifier | delimiter | local_account_id ).

  4. Michael Jones reporter

    I see that John has already done this in edit 613. I propose that we close this based upon his edit.

  5. Nat Sakimura

    Just noticed that we have not defined '|' as a concatenation string. We need to mention that before the first example.

    In this respect, perhaps it is better to use '' or something which is more distinctively unique as concatenation string. A simple '|' looks like an OR.

  8. Log in to comment
Assignee
Type
bug
Priority
minor
Status
resolved
Component
Messages
Milestone
Version
Votes
0
Watchers
0
Jira Software: the preferred issue tracker for Bitbucket. Join the team!