At the Internet Identity Workshop in May, 2009, I spoke to Alan Karp and Tyler Close of HP Labs about their research on authorization without identity. Here are my Delicious links on the subject.
This led me to write code to generate a "web-key," the shared secret needed to implement the access control method discussed.
In his paper, Tyler Close recommends 70 bits for the shared secret, encoded as a 13-character Base32 string. I used 72 bits, so the secret is a 12-character, URL-safe Base64 string without padding characters.
I'm new to Python and Django, so I welcome refinements!
1 2 3 4 5 6 7 8 9 | class Foo(models.Model):
secret = models.CharField(max_length=12, blank=True, editable=False)
def generateSecret(self):
s = struct.pack('L', random.getrandbits(32))
s += struct.pack('L', random.getrandbits(32))
s += struct.pack('L', random.getrandbits(8))
self.secret = base64.urlsafe_b64encode(s[0:9])
self.save()
|
More like this
- Template tag - list punctuation for a list of items by shapiromatron 11 months, 2 weeks ago
- JSONRequestMiddleware adds a .json() method to your HttpRequests by cdcarter 11 months, 3 weeks ago
- Serializer factory with Django Rest Framework by julio 1 year, 6 months ago
- Image compression before saving the new model / work with JPG, PNG by Schleidens 1 year, 7 months ago
- Help text hyperlinks by sa2812 1 year, 7 months ago
Comments
Please login first before commenting.