| (1.3.6.1.4.1.27630.2.1.1.64 DESC 'osiICardPrivatePersonalID' ) |
osiICardPrivatePersonalID attribute OID of openosi.schema for X500 / LDAP directory
Notation
This object identifier (OID) describes the osiICardPrivatePersonalID attribute of openosi.schema.
ASN1 notation: {iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) openosi(27630) identification(2) schema(1) attribute(1) osiICardPrivatePersonalID(64)}
URN notation: urn:oid:1.3.6.1.4.1.27630.2.1.1.64
IETF DOT notation: 1.3.6.1.4.1.27630.2.1.1.64
BNF notation (RFC822 Backus-Naur form): ( 1.3.6.1.4.1.27630.2.1.1.64 DESC 'osiICardPrivatePersonalID' )
Description: osiICardPrivatePersonalID attribute OID of openosi.schema for X500 / LDAP directory
Definition
The osiICardPrivatePersonalID attribute is an attribute type conforming to the RFC 4512 specification.
DESC 'sha1(base64(PPID + Public Key Modulus + Public Key Exponent))'
| inspired from Microsoft tech. note |
A private personal identifier (PPID) that identifies the subject to a relying party. The word "private" is used in the sense that the subject identifier is specific to a given relying party and hence private to that relying party. A subject's PPID at one relying party cannot be correlated with the subject's PPID at another relying party. Typically, the PPID should be generated by an identity provider as a pair-wise pseudonym for a subject for a given relying party. For a self-issued information card, the self-issued identity provider in an Identity Selector system should generate a PPID for each relying party as a function of the card identifier and the relying party's identity.
If an identity provider offers the "private personal identifier" (or PPID) claim type, it MUST generate values for the claim that have the prescribed privacy characteristic using data present in the RST request.
When the target scope information is sent in the token request using the wsp:AppliesTo element, that information can be used by the IdP (Identity provider) /STS (Secure Token Service) to generate the appropriate PPID value. When token-scope information is not sent, an Identity Selector MUST specify the PPID information it would like used in the issued token by using the ic:PPID element in the RST request. This element contains an opaque yet consistent reference for the relying party and is computed as described hereafter. The IdP (Identity provider) /STS (Secure Token Service) MAY use this value as is or as an input seed to a custom function, to derive a value for the PPID claim.
The PPID information MUST be sent using the following XML element in a token request.
In order to compute PPID as a function of the RP's organizational identity, a stable and unique identifier for the RP, called the "RP identifier," is needed. In the Information Card model, the identity of a relying party (RP) is presented in the form of an X.509v3 certificate. Therefore the organizational identity of the Relying Party (web service) comes from the X.509 certificate subject.
As specified in RFC 2459 (since superseded by RFC 5280), the subject field inside an X.509 certificate identifies the entity associated with the public key stored in the subject public key field. Where it is non-empty, the subject field MUST contain an X.500 distinguished name (DN). The DN MUST be unique for each subject entity certified by the one CA, as defined by the issuer name field.
Because the RP identifier is derived from the subject DN rather than from the key, renewing the RP certificate with the same subject leaves the PPID unchanged, while a change of subject DN yields a new PPID that cannot be correlated with the old one.
For the computation of the RP identifier, see osiICardRemotePartyID.
The Client Pseudonym PPID is derived from the stored attribute values as follows:
get osiICardHashSalt
SaltBytes = base64decode(osiICardHashSalt)
get osiICardMasterKey
MasterBytes = base64decode(osiICardMasterKey)
Client Pseudonym PPID = SHA256 (MasterBytes + RP identifier + SaltBytes)
| open source HIGGINS PPID computing |
osiICardId = CanonicalCardId
CanonicalCardId = SHA256 (CardIdBytes)
PPID = SHA256 (RP identifier + CanonicalCardId)
Note: CanonicalCardId is the first value of the multi-valued osiICardID attribute.
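To make the two recipes above concrete, here is an added Python example (it is not openosi or Higgins code) that implements both PPID derivations exactly as this page states them, plus the stored-value hash named in the attribute's DESC. The RP identifier stand-in, the UTF-8 encoding of CardIdBytes, the reading of the DESC grouping, and all sample key, salt and card values are assumptions constructed for the example; the real RP identifier is defined by osiICardRemotePartyID. Note that the SHA-1 in the DESC is applied after the PPID is derived, so the SHA256 steps above and the DESC describe two different values: the PPID itself, and the stored octet string that also binds the card's RP-facing public key.

```python
"""Added example (not openosi or Higgins code): derive the PPID values as the
two recipes on this page describe them, using constructed inputs."""
import base64
import hashlib

# Constructed sample attribute values (not real card or key material).
OSI_ICARD_MASTER_KEY = base64.b64encode(bytes(range(32))).decode("ascii")
OSI_ICARD_HASH_SALT = base64.b64encode(b"\xa5" * 16).decode("ascii")
CARD_ID = "urn:uuid:0f5c1c2e-4b3d-4a77-9d0e-3e1f4c5b6a7d"  # constructed


def rp_identifier(subject_dn: str) -> bytes:
    """Stand-in for the osiICardRemotePartyID derivation, which this page only
    describes as a stable identifier taken from the RP certificate's subject
    DN. Using the UTF-8 bytes of the DN is an assumption for the example, not
    the real recipe."""
    return subject_dn.encode("utf-8")


def client_pseudonym_ppid(rp_id: bytes,
                          master_key_b64: str = OSI_ICARD_MASTER_KEY,
                          hash_salt_b64: str = OSI_ICARD_HASH_SALT) -> bytes:
    """Client Pseudonym PPID = SHA256(MasterBytes + RP identifier + SaltBytes),
    with both stored values base64-decoded first, as the page specifies."""
    master_bytes = base64.b64decode(master_key_b64)
    salt_bytes = base64.b64decode(hash_salt_b64)
    return hashlib.sha256(master_bytes + rp_id + salt_bytes).digest()


def canonical_card_id(card_id: str = CARD_ID) -> bytes:
    """CanonicalCardId = SHA256(CardIdBytes). The page does not state the
    encoding of CardIdBytes; UTF-8 is assumed here."""
    return hashlib.sha256(card_id.encode("utf-8")).digest()


def higgins_ppid(rp_id: bytes, card_id: str = CARD_ID) -> bytes:
    """Higgins recipe: PPID = SHA256(RP identifier + CanonicalCardId)."""
    return hashlib.sha256(rp_id + canonical_card_id(card_id)).digest()


def stored_attribute_value(ppid: bytes, modulus: bytes, exponent: bytes) -> bytes:
    """Octet-string value matching the attribute's DESC
    'sha1(base64(PPID + Public Key Modulus + Public Key Exponent))', read as
    SHA-1 over the base64 text of the concatenation (that grouping is an
    assumption; the page does not spell it out)."""
    return hashlib.sha1(base64.b64encode(ppid + modulus + exponent)).digest()


def is_pairwise_pseudonym(derive, rp_a: str, rp_b: str) -> bool:
    """The privacy property the spec text asks for: one card must map to the
    same PPID on repeated requests to one RP, and to a different PPID at a
    different RP, so the two values cannot be correlated."""
    first = derive(rp_identifier(rp_a))
    again = derive(rp_identifier(rp_a))
    other = derive(rp_identifier(rp_b))
    return first == again and first != other


if __name__ == "__main__":
    rp = rp_identifier("CN=shop.example.com,O=Example Shop,C=FR")
    print("client pseudonym PPID:", client_pseudonym_ppid(rp).hex())
    print("Higgins PPID:         ", higgins_ppid(rp).hex())
    # Constructed RSA public key parts (not a real key): 2048-bit modulus, e=65537.
    modulus, exponent = b"\xc3" * 256, b"\x01\x00\x01"
    stored = stored_attribute_value(higgins_ppid(rp), modulus, exponent)
    print("stored octet string:  ", stored.hex())
    print("pairwise pseudonym:   ",
          is_pairwise_pseudonym(higgins_ppid, "CN=a.example", "CN=b.example"))
```

Both derivations return raw 32-byte digests, which is what the attribute's Octet String syntax (1.3.6.1.4.1.1466.115.121.1.40) stores; hex-encode them only for display. The `is_pairwise_pseudonym` check is the one to keep in a test suite: a regression that drops the RP identifier from the hash input would make every RP receive the same PPID and silently destroy the privacy property described above.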
Syntax
attributetype (1.3.6.1.4.1.27630.2.1.1.64
NAME ( 'osiICardPrivatePersonalID' 'icPrivatePersonalID' 'icClientPseudonym' 'icPPID' )
DESC 'sha1(base64(PPID + Public Key Modulus + Public Key Exponent))'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
SINGLE-VALUE )
Usage
It is mentioned by the following object class:
XML
<wst:RequestSecurityToken>
  <ic:ClientPseudonym>
    <ic:PPID>xs:base64Binary</ic:PPID>
  </ic:ClientPseudonym>
  ...
</wst:RequestSecurityToken>
For a quick OID check (once the OID is registered), go to oid-info
and use the following URL syntax:
www.oid-info.com/get/<OID number>
OID XML format
<oid>
<asn1-notation>{iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) openosi(27630) identification(2) schema(1) attribute(1) osiICardPrivatePersonalID(64)}</asn1-notation>
<description>osiICardPrivatePersonalID attribute OID of info card for openosi.schema for X500 / LDAP directory</description>
<information>More <i>information</i> can be found in <a href="http://openosi.org/osi/display/oid/1.3.6.1.4.1.27630.2.1.1.64">osiICardPrivatePersonalID attribute OID of info card for openosi.schema for X500 / LDAP directory</a> </information>
</oid>