On 5/30/14, 11:35 AM, "Sam Hartman" wrote:
>
>In IETF terms:
>
>* MUST be scoped with IETF realm
>
>* MUST be a one-way function of the username that the RP cannot compute

I think that's a mistake. The best choice is a database and simply
randomly generating and storing them. I don't see why you have to require
it to be a hash.

I think the MUST is just that it can't be feasible to deduce the username
from the identifier.

-- Scott
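
The two options discussed in this message, side by side, as an added example that is not code from the thread or from any project it refers to. The realm name, the `ident@realm` layout, the table schema and all function names are assumptions made for illustration, and the HMAC variant is only one possible reading of "a one-way function of the username that the RP cannot compute".

```python
import hashlib
import hmac
import secrets
import sqlite3

REALM = "idp.example.org"  # constructed realm name (assumption)


def open_store():
    """In-memory table mapping each username to its stored identifier."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ids (username TEXT PRIMARY KEY, ident TEXT UNIQUE NOT NULL)")
    return db


def random_identifier(db, username, realm=REALM):
    """Database option: mint a random value on first use, then always return it."""
    row = db.execute("SELECT ident FROM ids WHERE username = ?", (username,)).fetchone()
    if row is None:
        row = (secrets.token_urlsafe(16),)  # 128 random bits, unrelated to the username
        db.execute("INSERT INTO ids VALUES (?, ?)", (username, row[0]))
        db.commit()
    return f"{row[0]}@{realm}"


def keyed_identifier(key, username, realm=REALM):
    """Keyed one-way function: no table needed, but safe only while key stays secret."""
    mac = hmac.new(key, username.encode(), hashlib.sha256).hexdigest()[:32]
    return f"{mac}@{realm}"


def unkeyed_identifier(username, realm=REALM):
    """Plain hash, shown for contrast: any party can recompute it from a guessed name."""
    return f"{hashlib.sha256(username.encode()).hexdigest()[:32]}@{realm}"


def rp_can_recover(identifier, candidates, derive):
    """Model an RP checking guessed usernames against an identifier it received."""
    return next((u for u in candidates if derive(u) == identifier), None)
```

The random identifier carries no information about the username at all, so its unlinkability does not rest on keeping a key secret; the cost is that the mapping table has to be stored and backed up.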