security-services message

Subject: Indexical reference problem defined


Gil,

Don't apologize -- I never really explained it.

There are (at least) three kinds of references:

Nominative:

     A nominative reference refers to a subject by stating the subject's
     name, and makes a statement about that subject.

     Example: "Bob Blakley is an IBM employee"

     The name might or might not be unique, and the speaker and the
     listener might or might not agree on which subject it refers to.
     However, it is at least in principle possible that there is only one
     subject to whom the name refers, and that everyone (or at least the
     speaker and the listener) agree on which subject that is.

Descriptive:

     A descriptive reference refers to a subject by describing an
     attribute of the subject, and makes a statement about the subject.

     Examples: "The man in the red sweater is an IBM employee"
               "The next person in line is an IBM employee"
               "Anyone with an IBM ID card is an IBM employee"

     The attribute described need not be unique to a single subject, and
     the speaker and the listener need not agree on which subjects the
     attribute properly describes. However, at least in principle, it is
     possible that everyone (or at least the speaker and the listener)
     agree on which subjects an attribute properly describes. In general
     it is NOT possible that an attribute uniquely identifies a single
     subject all the time -- attributes may always describe more than one
     subject, and attributes may describe different subjects at different
     times or in different contexts.

Indexical:

     An indexical reference refers to a subject by "pointing at it", and
     makes a statement about the subject.

     Example: "He is an IBM employee"

     An indexical reference NEVER uniquely identifies a subject
     independent of the context of the statement. Unless the speaker and
     the listener share both a single context and a common interpretation
     of the context, they will NOT agree on which subject the reference
     identifies. As an example, I'm sitting in a hotel room in Berlin as I
     type this. I have a "he" in mind. I even pointed at "him". Who is the
     subject?

The reason indexical references are a problem in our current activity is
as follows:

Imagine I (Bob) log on to a web site -- say ibm.com. Now I want to access
some affiliated site via SAML single signon. Let's say the affiliated site
is oasis.org. I established my "identity" to ibm.com when I logged on. Now
ibm.com wants to convince oasis.org to set up a session for me. How does
ibm.com refer to me?

"Set up a session for Bob" won't work -- oasis.org might understand "Bob",
but how can it set up a session which I can connect to but somebody else
can't?

Since a nominative reference doesn't work, we might try a descriptive
reference. But *what* descriptive reference? "The next guy who visits your
site" would be a bad choice, as it would allow anyone who goes to oasis.org
before I do to impersonate me. "The guy who presents the following secret"
won't work either -- the only choices for the secret are: (1) my password,
which we can't use because the whole point of the exercise is to eliminate
the second login, or (2) a session key, which will be subject to spoofing
and re-use unless we assume client-side software to build authenticators.

Thus we're left with an indexical reference.

But this is also very hard. "Set up a session for him" won't work out of
the box -- ibm.com and oasis.org don't share a context, since I'm not
currently in contact with oasis.org, so "him" has no meaning to oasis.org.
The indexical reference problem, therefore, is to figure out how to create
a shared context between ibm.com and oasis.org which doesn't permit session
splicing, token-stealing, and other attacks, and which doesn't require new
client software.

--bob

Bob Blakley (blakley@tivoli.com, regardless of what the email headers may
say!)
Chief Scientist
Enterprise Solutions Unit
Tivoli Systems, Inc. (an IBM Company)


"Pilz, Gilbert" <gpilz@jamcracker.com> on 04/20/2001 08:30:46 PM

To:   security-services@lists.oasis-open.org
cc:
Subject:  indexible references problem ?



Hey all,

Sorry if this is out of order, but I never completely understood what the
"indexible references problem" was that Bob B. kept referring to when we
were discussing the possibility of dropping SSO support from the spec. I
have an idea what it might be, but I thought S2ML did a pretty good job of
addressing that issue when they specified that you formed the reference to
an assertion by performing a hash on the assertion's contents.

--
(See attached file: Gilbert Pilz.vcf)

