There was an earlier post about how a php Idp created its unique IDs
based entirely on hashing algorithm plus RP name plus user ID (if I
remember correctly), and there was no checking of hash collisions, and
if any of these input values changed (which they have been known to do)
then the ID changes. So the ID is not guaranteed to be either unique or
permanent. hence it needs to be stored in a database
David
On 22/05/2014 14:38, Sam Hartman wrote:
>>>>>> "David" == David Chadwick <[log in to unmask]> writes:
>
> David> Why not ask the user to choose an ID and then store it? After
> David> all the IDP has to store the value that it auto-generates, as
> David> someone pointed out in an earlier post. We cant rely on
> David> recreation on the fly.
>
> I missed an argument about why we cannot recreate on the fly.
> We're doing that today and it seems to be working well enough with CUI.
>
|