Subject: Re: [saml-dev] holder-of-key subject confirmation
I think we are in agreement. I had added: "It would seem that the main reliance of the RP in this scenario is on the trust it has in C2, and the saml assertion can be thought of possibly as a 2nd factor of authentication, making the RP more confident in C2 than it would be otherwise." indicating that in addition to "bearer" capability, the fact that the subject names agree means that if the scenario is primarily thought of as single factor x.509 based on C2, then the user can add the saml(hok) assertion in as a 2nd factor, which adds significant value.

My point is that in this scenario, RP places primary trust on C2, and only uses IdP to augment that trust, but IdP is not accountable for anything user does based on C2.

I guess the only thing I am wondering about is why the IdP would issue an hok to a user who did not intend to use the hok. i.e. would not a bearer token be more appropriate for such a use? (Generally, by issuing an hok, an IdP is authorizing the user to submit a whole collection of information that the IdP has in some sense agreed to be a party to. As such the IdP would probably want to limit its issuance of hok assertions to users who would only be authorized to act within some defined scope of activity. If the IdP did not want to be involved in any such scope, then from a subject confirmation perspective I think the bearer token would offer the same amount of authenticity without leaving an open-ended capability that might implicitly tie the IdP to any particular use of the assertion.)
Thanks,
Rich

Tom Scavo wrote:
> On Mon, May 12, 2008 at 6:47 PM, Rich.Levinson <rich.levinson@oracle.com> wrote:
>> The weakness I see here is that it seems to reduce a strong token (saml hok) to the level of a bearer token, because the inherent strength of the hok is not being used.
>
> Not quite, since the IdP binds a name to the assertion, and that name happens to be the same name bound to the certificate C2 that the RP trusts. So there's a linkage between the authentication token (C2) and the authorization token (signed SAML assertion), not quite as strong as typical h-o-k, but stronger than bearer, I think. (I know, I've used the words "strong" and "stronger" without defining what that means, so you're welcome to throw stones :)
>
> Tom
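The three cases compared in this thread, written up as an added example that is not part of the original messages: an RP-side check (assuming the assertion's signature has already been verified elsewhere) that distinguishes a holder-of-key confirmation whose key the presenter actually authenticated with, a bearer confirmation whose NameID matches the subject of the trusted client certificate C2, and a plain bearer assertion. The helper names `build_assertion` and `classify`, the sample DNs and the key identifiers are constructed for the example.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
HOK = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"


def build_assertion(name, method, key_name=None):
    """Constructed sample assertion (no Signature element; assumed verified upstream)."""
    conf_data = ""
    if key_name:
        # HoK binds a key in SubjectConfirmationData/KeyInfo; a KeyName is used
        # here for brevity, real deployments usually carry X509Data.
        conf_data = (f'<saml:SubjectConfirmationData><ds:KeyInfo xmlns:ds="{NS["ds"]}">'
                     f"<ds:KeyName>{key_name}</ds:KeyName></ds:KeyInfo></saml:SubjectConfirmationData>")
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject>'
            f'<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">'
            f"{name}</saml:NameID>"
            f'<saml:SubjectConfirmation Method="{method}">{conf_data}</saml:SubjectConfirmation>'
            f"</saml:Subject></saml:Assertion>")


def classify(assertion_xml, presented_cert_subject, presented_key_id=None):
    """How far the RP may rely on the assertion beyond its trust in C2.

    'hok'         : assertion binds a key and the presenter proved possession of it
    'linked'      : bearer assertion whose NameID equals the subject of C2
                    (the "stronger than bearer" linkage discussed above)
    'bearer'      : bearer assertion with no linkage to the presenter
    'unconfirmed' : no confirmation method the RP can satisfy (e.g. HoK key mismatch)
    """
    root = ET.fromstring(assertion_xml)
    name = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    for conf in root.findall("saml:Subject/saml:SubjectConfirmation", NS):
        method = conf.get("Method")
        if method == HOK:
            key_name = conf.findtext(
                "saml:SubjectConfirmationData/ds:KeyInfo/ds:KeyName", namespaces=NS)
            # The bound key must be the one used on the authenticated channel.
            if key_name and key_name == presented_key_id:
                return "hok"
        elif method == BEARER:
            # Exact string compare is an assumption; production code should
            # normalise DNs before comparing.
            if name and name == presented_cert_subject:
                return "linked"
            return "bearer"
    return "unconfirmed"
```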