On 12/02/2012 11:09 PM, Shane Bryzak wrote:
On 12/01/2012 09:55 PM, Darran Lofthouse wrote:
> * Multiple Representations of Same Credential *
>
> Another requirement I may have is storing multiple representations of
> the same Credential against the same user - this is just thinking out
> loud at the moment so not sure if this would be a responsibility of the
> IdentityStore.
>
> The situation here is that the user has one password but we want to
> support two different hashes with Digest authentication - if we want to
> choose to pre-hash the password with the username and realm we would
> need to do that once per type of hash supported.
>
> The benefit of pre-hashing in this way is that if the user has used the
> same password but for a different realm someone gaining access to the
> hashed form does not necessarily get access to all of that user's accounts.
I'm not quite sure I understand this one. In the latest design of the
identity model, a User belongs to a single Realm. What's the definition
of a realm in the context of your use case?
In this case the user is still a single user in a single realm but we
may support two hash mechanisms for Digest authentication e.g. MD5 and
SHA-256 - if we are choosing to not store the password in a recoverable
format we may instead store an MD5 hash of "username : realm : password"
AND a SHA-256 hash of "username : realm : password".
Both hashes are based on the exact same data so it is only the hash
algorithm that differs.
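The storage scheme described in this message, worked through as an added example (this code is not from the thread or from the project's IdentityStore; the user, realm, nonce and request values are constructed for illustration): the server pre-hashes "username:realm:password" once per Digest algorithm it intends to offer, keeps only those HA1 values, and can still verify an RFC 7616 Digest response for either algorithm without ever seeing the plaintext password. It also shows the realm-separation property: the same password under a different realm yields a different stored hash.

```python
import hashlib
import hmac

# Digest "algorithm" tokens (RFC 7616) mapped to hashlib constructors.
ALGORITHMS = {
    "MD5": hashlib.md5,
    "SHA-256": hashlib.sha256,
}


def digest_hash(algorithm: str, data: str) -> str:
    """Hex digest of `data` under the named Digest algorithm."""
    return ALGORITHMS[algorithm](data.encode("utf-8")).hexdigest()


def ha1(algorithm: str, username: str, realm: str, password: str) -> str:
    """The Digest HA1 value: H(username:realm:password)."""
    return digest_hash(algorithm, f"{username}:{realm}:{password}")


def store_credentials(username, realm, password, algorithms=("MD5", "SHA-256")):
    """What the identity store keeps: one HA1 per supported algorithm, no password.

    Both entries are derived from exactly the same "username:realm:password"
    string; only the hash function differs, which is why the pre-hashing must
    be repeated once per algorithm the server wants to be able to offer.
    """
    return {alg: ha1(alg, username, realm, password) for alg in algorithms}


def digest_response(algorithm, ha1_value, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 7616 response for qop=auth: H(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha2 = digest_hash(algorithm, f"{method}:{uri}")
    return digest_hash(algorithm, f"{ha1_value}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def client_response(algorithm, username, realm, password, method, uri, nonce, nc, cnonce):
    """Client side: it knows the plaintext password and derives HA1 itself."""
    return digest_response(
        algorithm, ha1(algorithm, username, realm, password), method, uri, nonce, nc, cnonce
    )


def verify_response(stored, algorithm, method, uri, nonce, nc, cnonce, response):
    """Server side: recompute the response from the stored HA1 only.

    Returns False when the client picked an algorithm the store has no HA1
    for (the server should not have offered it), and compares in constant time.
    """
    ha1_value = stored.get(algorithm)
    if ha1_value is None:
        return False
    expected = digest_response(algorithm, ha1_value, method, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, response)


def realm_separation(username, password, realm_a, realm_b, algorithm="MD5"):
    """True if the same password under two realms produces different stored hashes."""
    return ha1(algorithm, username, realm_a, password) != ha1(algorithm, username, realm_b, password)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    stored = store_credentials("alice", "example.org", "correct horse battery staple")
    nonce, nc, cnonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093", "00000001", "0a4f113b"
    for alg in ("MD5", "SHA-256"):
        resp = client_response(alg, "alice", "example.org", "correct horse battery staple",
                               "GET", "/dir/index.html", nonce, nc, cnonce)
        print(alg, "stored HA1:", stored[alg])
        print(alg, "verified:", verify_response(stored, alg, "GET", "/dir/index.html",
                                                nonce, nc, cnonce, resp))
    print("different realm gives different HA1:",
          realm_separation("alice", "correct horse battery staple", "example.org", "other.example"))
```

The store never holds anything a client could present directly as a password, but note the limit of the protection: HA1 itself is sufficient to produce a valid Digest response, so a stolen HA1 still compromises that user within that realm, just not the same password used under other realms.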