[upki-fed:53] Re: [upki-fed:52] RE: [upki-fed:51] Re: [upki-fed:50] $B!Z<ALd![(BShibboleth IdP 2.1.2$B$K$7$?$i(BeduPersonTargetedID$B$N%U%)!<%^%C%H$,JQ$o$j$^$9$+!)(B

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[upki-fed:53] Re: [upki-fed:52] RE: [upki-fed:51] Re: [upki-fed:50] $B!Z

Subject: [upki-fed:53] Re: [upki-fed:52] RE: [upki-fed:51] Re: [upki-fed:50] $B!Z
Date: Thu, 20 Aug 2009 13:02:54 +0900
From: Toyokazu Akiyama <xxxxxxx@xxxxxxxxxxxxxxxxxx>

$B5~;:Bg$N=);3$G$9!%(B

ComputedID $B$+$i$N0\9TItJ,$K$D$$$F$OA4A3%F%9%H$G$-$F$$$J$+$C$?$N$G$9$,!$(B
$B3+H/https://spaces.internet2.edu/display/SHIB2/ResolverStoredIDDataConnector

The first ID created for a given requester is always the same as those
created by the computed ID data connector in order to provide a
migration path from that data connector. Every subsequently generated
ID for a given user/IdP/SP triple, if the first one is revoked, is a
Type 4 UUID.

$B$H$$$&$3$H$G!$:G=i$O(B computed ID data connector $B$HF1$8J}K!$G(B eduPersonTargetedID
$B$r@8@.$7!$$=$l0\9T$O(B UUID Type4$B!J(B- $B$G6h@Z$i$l$?$b$N!K$r@8@.$9$k$i$7$$$G$9!%(B
$B:G=i$O(B Computed ID data connector $B$G!$e=q$-$5$l$F$$$^$7$?!%(B
# Eclipse $B$N(B JPDA $B%G%P%C%0%b!<%I$G3NG'$7$^$7$?!%(B

$B$b$7$3$NJ}K!$r;H$&$N$G$"$l$P!$K\2H$K%P%0Js9p$7$?J}$,$h$5$=$&$G$9$M!%(B

$B$*$=$i$/!$@5$7$$;H$$J}$H$7$F$O!$:G=i(B ComputedID $B$GEPO?$7$F$*$$$F!$FCDj$N(B SP $B$K(B
$B$D$$$F(B UUID $B$K0\9T$9$k$3$H$r7hDj$7$?;~E@$G(B ComputedID $B$N%(%s%H%j$N(B deactivationDate
$B$r(B NOT NULL $B$K$9$l$P!$?7$7$/(B UUID $B$N%(%s%H%j$,@.8y$5$l$F!$$=$A$i$,;H$o$l$k$H$$$&(B
$B%m%8%C%/$J$s$@$H;W$$$^$9!%(B
# $B$D$^$j$9$Y$F$N(B SP $B$K$D$$$F!$#1$D$OL58z$J%(%s%H%j$r:n@.$9$kI,MW$,$"$k!)(B

2009$BG/(B8$B7n(B20$BF|(B10:53 $B$K(B Tomohiro Ito<xxxxxxxx@xxxxxxxxxxxxxxxxxxx> $B$5$s$O=q$-$^$7$?(B:
> $B;3CO@h@8(B
>
> $B;37ABg3X$N0KF#$G$9!#(B
> $B$4JV;v!"$"$j$,$H$&$4$6$$$^$9!#(B
>
> $B$3$s$J$H$3$m$K%3!<%I$,$"$C$?$N$G$9$M!#(B
>
> $B$J$s$H$J!<$/!"LdBjE@$,$o$+$C$F$-$^$7$?!#4V0c$C$F$$$k$+$b(B
> $B$7$l$^$;$s$N$G!">\$7$$J}%U%)%m!<$7$F$$$?$@$1$k$H9,$$$G$9!#(B
> Java$B$O!"JY6/ITB-$J$b$N$G$9$+$i!"4V0c$C$F$$$k2DG=@-$,$"$j$^$9!#(B
>
> edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataC
> onnector.StoredIDDataConnector.PersistentIdEntry
>
> $B$N%a%=%C%I$,JQ99$5$l$?$h$&$G$9!#(B
>
> Version 1.1.2$B$K$O!"?7$?$K!"(B
>
>        do {
>            log.debug("Generated persistent ID was already assigned to
> another user, regenerating");
>            persistentId = UUID.randomUUID().toString();
>        } while (pidStore.getPersistentIdEntry(persistentId, false) !=
> null);
>
> $B$,DI2C$5$l$?$h$&$G$9!#(B
> $B3+H/\$7$/$J$$$N$G?dB,$G$9$,!"(B
> Java$B$G(BDo { } while ($B<0(B)$B!!J,$r;H$&$H$-$O!"(B
> $B:G=i$N#1%k!<%W$OoF0:n$HH=CG$7$^$9!#(BLocalEntityId$B!"(BPeerEntityId$B!"(BLocalId, salt$B$,F1(B
> $B0l>r7o2<$G(B
> $B@8@.$7$F$_$k$HF1$8#I#D$,@8@.$5$l$J$$$h$&$G!"$A$g$C$H!"5$$K$J$C$F$$$^$7$?!#(B
>
> $B0J>e!#$h$m$7$/$*4j$$$7$^$9!#(B
>
> $B!;(BVersion 1.0.0
>
> protected PersistentIdEntry createPersistentId(ShibbolethResolutionContext
> resolutionContext, String localId,
>            byte[] salt) throws SQLException {
>        PersistentIdEntry entry = pidStore.new PersistentIdEntry();
>
> entry.setLocalEntityId(resolutionContext.getAttributeRequestContext().getLoc
> alEntityId());
>
> entry.setPeerEntityId(resolutionContext.getAttributeRequestContext().getInbo
> undMessageIssuer());
>
> entry.setPrincipalName(resolutionContext.getAttributeRequestContext().getPri
> ncipalName());
>        entry.setLocalId(localId);
>
>        String persisentId;
>        int numberOfExistingEntries =
> pidStore.getNumberOfPersistentIdEntries(entry.getLocalEntityId(), entry
>                .getPeerEntityId(), entry.getLocalId());
>        if (numberOfExistingEntries == 0) {
>            try {
>                MessageDigest md = MessageDigest.getInstance("SHA");
>                md.update(entry.getPeerEntityId().getBytes());
>                md.update((byte) '!');
>                md.update(localId.getBytes());
>                md.update((byte) '!');
>                persisentId = Base64.encodeBytes(md.digest(salt));
>            } catch (NoSuchAlgorithmException e) {
>                log.error("JVM error, SHA-1 is not supported, unable to
> compute ID");
>                throw new SQLException("SHA-1 is not supported, unable to
> compute ID");
>            }
>        } else {
>            persisentId = UUID.randomUUID().toString();
>        }
>        entry.setPersistentId(persisentId);
>
>        entry.setCreationTime(new Timestamp(System.currentTimeMillis()));
>
>        return entry;
>    }
>
> $B!;(BVersion 1.1.2
> protected PersistentIdEntry createPersistentId(ShibbolethResolutionContext
> resolutionContext, String localId,
>            byte[] salt) throws SQLException {
>        PersistentIdEntry entry = pidStore.new PersistentIdEntry();
>
> entry.setLocalEntityId(resolutionContext.getAttributeRequestContext().getLoc
> alEntityId());
>
> entry.setPeerEntityId(resolutionContext.getAttributeRequestContext().getInbo
> undMessageIssuer());
>
> entry.setPrincipalName(resolutionContext.getAttributeRequestContext().getPri
> ncipalName());
>        entry.setLocalId(localId);
>
>        String persistentId;
>        int numberOfExistingEntries =
> pidStore.getNumberOfPersistentIdEntries(entry.getLocalEntityId(), entry
>                .getPeerEntityId(), entry.getLocalId());
>        if (numberOfExistingEntries == 0) {
>            try {
>                MessageDigest md = MessageDigest.getInstance("SHA");
>                md.update(entry.getPeerEntityId().getBytes());
>                md.update((byte) '!');
>                md.update(localId.getBytes());
>                md.update((byte) '!');
>                persistentId = Base64.encodeBytes(md.digest(salt));
>            } catch (NoSuchAlgorithmException e) {
>                log.error("JVM error, SHA-1 is not supported, unable to
> compute ID");
>                throw new SQLException("SHA-1 is not supported, unable to
> compute ID");
>            }
>        } else {
>            persistentId = UUID.randomUUID().toString();
>        }
>
>        do {
>            log.debug("Generated persistent ID was already assigned to
> another user, regenerating");
>            persistentId = UUID.randomUUID().toString();
>        } while (pidStore.getPersistentIdEntry(persistentId, false) !=
> null);
>
>        entry.setPersistentId(persistentId);
>
>        entry.setCreationTime(new Timestamp(System.currentTimeMillis()));
>
>        return entry;
>    }
>
>> -----Original Message-----
>> From: xxxxxxxxxxxxxx@xxxxxxxxx [mailto:xxxxxxxxxxxxxx@xxxxxxxxx] On
>> Behalf Of xxxxxx@xxxxxxxxx
>> Sent: Thursday, August 20, 2009 12:16 AM
>> To: xxxxxxxx@xxxxxxxxx
>> Subject: [upki-fed:51] Re: [upki-fed:50] $B!Zhttp://svn.middleware.georgetown.edu/view/java-shib-common/tags/1.0.0/
>> src/edu/internet2/middleware/shibboleth/common/attribute/resolver/prov
>> ider/dataConnector/StoredIDStore.java?view=log
>> $B$H(B
>> http://svn.middleware.georgetown.edu/view/java-shib-common/tags/1.1.2/
>> src/main/java/edu/internet2/middleware/shibboleth/common/attribute/res
>> olver/provider/dataConnector/StoredIDStore.java?view=log
>>
>> $B$"$?$j$rHf3S$7$?$i0c$$$,$"$j$^$9$+!)(B
>> --
>> Kazu
>



-- 
Toyokazu AKIYAMA
Faculty of Computer Science and Engineering,
Kyoto Sangyo University
TEL/FAX: +81-75-705-1531

Follow-Ups:
- [upki-fed:55] RE: [upki-fed:53] Re: [upki-fed:52] RE: [upki-fed:51] Re: [upki-fed:50] $B!Z
  - From: Tomohiro Ito

References:

[upki-fed:50] $B!Z
From: Tomohiro Ito

[upki-fed:51] Re: [upki-fed:50] $B!Z
From: yamaji

[upki-fed:52] RE: [upki-fed:51] Re: [upki-fed:50] $B!Z
From: Tomohiro Ito

Prev by Date: [upki-fed:52] RE: [upki-fed:51] Re: [upki-fed:50] $B!Z

Next by thread: [upki-fed:55] RE: [upki-fed:53] Re: [upki-fed:52] RE: [upki-fed:51] Re: [upki-fed:50] $B!Z

Index(es):
- Date
- Thread