
Re: New proposed solution to the QC biometric issue



Stephen,

>- if you're only storing a hash, how do I find the
>original - maybe a URI is needed in addition

maybe, but not always.  the template can be passed as part of a
transaction, or be stored in a file, or whatever.  because there are
multiple, legitimate ways to provide the template, and they may differ for
the same cert user in different contexts, I think it inappropriate to
incorporate any one in the cert itself.

>- if you buy into the above, couldn't the URI replace
>the OID (since e.g. a HTTP response has a MIME type
>which identifies at least the syntax and also
>identifies the transfer encoding of the actual data)

I'm not in favor of the above, and anyway, HTTP is but one possible
transport medium ...

>- you'll need an algo id somewhere or you can't recalc. the
>hash



>- you'll need to specify how the actual data is to be
>flattened before hash calculation (e.g. strip CR/LF or
>whatever), this could be incorporated with the
>algo id (so use a transform id)

do you mean canonicalize the template?  these templates are typically
binary, not ASCII, I think.  Any canonicalization rules should be specified
in the ID we use to specify the template type, maybe as a sub-type.

Steve