Hash PII info in a storable hash for us to check against for MPI consistency #8381

Open
bosawt opened this issue Nov 4, 2021 · 0 comments
Labels
identity identity-backend Identity team backend label


bosawt commented Nov 4, 2021

Here's how it might go:

  • Initial IAL2 login from login.gov, we have eauth headers with PII
  • Hash Name, Birth-date, SSN, store this in Account table or whatever analogy we're using. Mapping is now login_gov_uuid -> icn and pii_hash
  • Future IAL1 logins prove they've been verified before, so we look up login_gov_uuid, retrieve icn, and make MPI call
  • We hash the PII from MPI call and compare to the pii_hash value
    • If it matches, user is authed at IAL2 Level
  • If it does not match, user is upleveled to IAL2 through standard auth flow, we store new values for icn and pii_hash
@bosawt bosawt added identity identity-backend Identity team backend label labels Nov 4, 2021
@tynyttie tynyttie self-assigned this Jul 10, 2023
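
The flow proposed in the issue, sketched in Python as an added example (not code from this issue or from the project). It assumes a keyed HMAC-SHA256 in place of a bare hash, because name, birth date and SSN carry too little entropy to resist offline guessing if the table leaks; `PII_HASH_KEY`, `store_verified`, `check_ial1_login` and the `mpi_lookup` callable are hypothetical names, and the in-memory `accounts` dict stands in for the Account table.

```python
import hashlib
import hmac
import unicodedata

# Assumption: a server-side secret held outside the database (e.g. in a KMS).
# Constructed demo value; a real key is never hard-coded.
PII_HASH_KEY = b"constructed-demo-key-not-for-production"


def _canon(value: str) -> str:
    """Normalize so formatting differences between sources do not change the hash."""
    return " ".join(unicodedata.normalize("NFKC", value).upper().split())


def pii_hash(first: str, last: str, birth_date: str, ssn: str, key: bytes = PII_HASH_KEY) -> str:
    """Keyed hash over name, birth date (YYYY-MM-DD) and SSN."""
    fields = [_canon(first), _canon(last), birth_date.strip(),
              "".join(c for c in ssn if c.isdigit())]
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        data = field.encode("utf-8")
        # Length prefix keeps ("AB", "C") distinct from ("A", "BC").
        mac.update(len(data).to_bytes(4, "big") + data)
    return mac.hexdigest()


def store_verified(accounts: dict, login_gov_uuid: str, icn: str, pii: dict) -> None:
    """IAL2 login: record login_gov_uuid -> icn and pii_hash."""
    accounts[login_gov_uuid] = {"icn": icn, "pii_hash": pii_hash(**pii)}


def check_ial1_login(accounts: dict, login_gov_uuid: str, mpi_lookup) -> str:
    """IAL1 login: "IAL2" if MPI's PII still matches, else "UPLEVEL_REQUIRED"."""
    row = accounts.get(login_gov_uuid)
    # mpi_lookup is a hypothetical stand-in for the MPI call, keyed by icn.
    mpi_pii = mpi_lookup(row["icn"]) if row else None
    if mpi_pii is None:
        return "UPLEVEL_REQUIRED"
    # Constant-time comparison of the stored and freshly computed hashes.
    if hmac.compare_digest(row["pii_hash"], pii_hash(**mpi_pii)):
        return "IAL2"
    return "UPLEVEL_REQUIRED"


if __name__ == "__main__":
    # Constructed sample data, not real PII.
    accounts, pii = {}, {"first": "Jane", "last": "Doe", "birth_date": "1980-01-02", "ssn": "123-45-6789"}
    store_verified(accounts, "constructed-uuid", "constructed-icn", pii)
    print(check_ial1_login(accounts, "constructed-uuid", lambda icn: pii))
```

On a mismatch the caller runs the standard IAL2 flow and then calls `store_verified` again to overwrite `icn` and `pii_hash`.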