Subject: Indexical reference problem defined
Gil,

Don't apologize -- I never really explained it.

There are (at least) three kinds of references:

Nominative: A nominative reference refers to a subject by stating the subject's name, and makes a statement about that subject. Example: "Bob Blakley is an IBM employee"

The name might or might not be unique, and the speaker and the listener might or might not agree on which subject it refers to. However, it is at least in principle possible that there is only one subject to whom the name refers, and that everyone (or at least the speaker and the listener) agree on which subject that is.

Descriptive: A descriptive reference refers to a subject by describing an attribute of the subject, and makes a statement about the subject. Examples:

"The man in the red sweater is an IBM employee"
"The next person in line is an IBM employee"
"Anyone with an IBM ID card is an IBM employee"

The attribute described need not be unique to a single subject, and the speaker and the listener need not agree on which subjects the attribute properly describes. However at least in principle it is possible that everyone (or at least the speaker and the listener) agree on which subjects an attribute properly describes. In general it is NOT possible that an attribute uniquely identifies a single subject all the time -- attributes may always describe more than one subject, and attributes may describe different subjects at different times or in different contexts.

Indexical: An indexical reference refers to a subject by "pointing at it", and makes a statement about the subject. Example: "He is an IBM employee"

An indexical reference NEVER uniquely identifies a subject independent of the context of the statement. Unless the speaker and the listener share both a single context and a common interpretation of the context, they will NOT agree on which subject the reference identifies. As an example, I'm sitting in a hotel room in Berlin as I type this. I have a "he" in mind. I even pointed at "him". Who is the subject?

The reason indexical references are a problem in our current activity is as follows:

Imagine I (Bob) log on to a web site -- say ibm.com. Now I want to access some affiliated site via SAML single signon. Let's say the affiliated site is oasis.org. I established my "identity" to ibm.com when I logged on. Now ibm.com wants to convince oasis.org to set up a session for me. How does ibm.com refer to me?

"Set up a session for Bob" won't work -- oasis.org might understand "Bob", but how can it set up a session which I can connect to but somebody else can't?

Since a nominative reference doesn't work, we might try a descriptive reference. But *what* descriptive reference? "The next guy who visits your site" would be a bad choice, as it would allow anyone who goes to oasis.org before I do to impersonate me. "The guy who presents the following secret" won't work either -- the only choices for the secret are: (1) my password, which we can't use because the whole point of the exercise is to eliminate the second login, or (2) a session key, which will be subject to spoofing and re-use unless we assume client-side software to build authenticators.

Thus we're left with an indexical reference. But this is also very hard. "Set up a session for him" won't work out of the box -- ibm.com and oasis.org don't share a context, since I'm not currently in contact with oasis.org, so "him" has no meaning to oasis.org.

The indexical reference problem, therefore, is to figure out how to create a shared context between ibm.com and oasis.org which doesn't permit session splicing, token-stealing, and other attacks, and which doesn't require new client software.

--bob

Bob Blakley (blakley@tivoli.com, regardless of what the email headers may say!)
Chief Scientist
Enterprise Solutions Unit
Tivoli Systems, Inc. (an IBM Company)

"Pilz, Gilbert" <gpilz@jamcracker.com> on 04/20/2001 08:30:46 PM
To: security-services@lists.oasis-open.org
cc:
Subject: indexible references problem ?
Hey all,

Sorry if this is out of order, but I never completely understood what the "indexible references problem" was that Bob B. kept referring to when we were discussing the possibility of dropping SSO support from the spec. I have an idea what it might be, but I thought S2ML did a pretty good job of addressing that issue when they specified that you formed the reference to an assertion by performing a hash on the assertion's contents.

-- (See attached file: Gilbert Pilz.vcf)
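To make the failure modes in Bob's message concrete, here is a toy model of the referral from ibm.com (the identity provider) to oasis.org (the service provider). It is an added illustration, not code from this thread, from S2ML, or from any SAML implementation; the class and function names (IdentityProvider, ServiceProvider, refer_*, redeem, scenario_*) are my own, the two sites share Python objects instead of an authenticated back channel, and the third scenario models the usual remedy (a single-use, short-lived artifact that the service provider resolves once and then replaces with its own session cookie) rather than anything the thread itself proposes.

```python
import secrets
import time


class IdentityProvider:
    """Plays ibm.com: it authenticated Bob and must refer him to the SP."""

    def __init__(self):
        self.issued = {}  # reference -> {"subject", "used", "exp"}

    def refer_next_visitor(self, subject):
        # Descriptive reference: "the next guy who visits your site".
        return {"kind": "next-visitor", "subject": subject}

    def refer_bearer_key(self, subject):
        # Reusable session key: accepted however many times it is presented.
        key = secrets.token_hex(16)
        self.issued[key] = {"subject": subject, "used": False, "exp": None}
        return key

    def refer_artifact(self, subject, ttl=60):
        # Single-use, short-lived artifact that the SP resolves back-channel.
        art = secrets.token_urlsafe(24)
        self.issued[art] = {"subject": subject, "used": False,
                            "exp": time.time() + ttl}
        return art

    def resolve(self, ref, single_use, now=None):
        # Back-channel lookup: the subject, or None if the reference is
        # unknown, expired, or (when single_use) already spent.
        rec = self.issued.get(ref)
        if rec is None:
            return None
        now = time.time() if now is None else now
        if rec["exp"] is not None and now > rec["exp"]:
            return None
        if single_use:
            if rec["used"]:
                return None
            rec["used"] = True
        return rec["subject"]


class ServiceProvider:
    """Plays oasis.org: it has never seen Bob and must start a session for him."""

    def __init__(self, idp):
        self.idp = idp
        self.sessions = {}           # SP-minted cookie -> subject
        self.pending_subject = None  # for the "next visitor" strategy

    def accept_next_visitor(self, referral):
        self.pending_subject = referral["subject"]

    def visit(self, browser):
        # Whichever browser arrives first claims the pending subject's session.
        if self.pending_subject is None:
            return None
        subject, self.pending_subject = self.pending_subject, None
        return self._start(browser, subject)

    def redeem(self, browser, ref, single_use):
        subject = self.idp.resolve(ref, single_use)
        return None if subject is None else self._start(browser, subject)

    def _start(self, browser, subject):
        # The session cookie is minted here and handed only to this browser;
        # the reference itself is never reused as the session identifier.
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = subject
        browser["cookie"] = cookie
        return subject


def scenario_next_visitor():
    # A stranger reaching oasis.org before Bob is given Bob's session.
    idp = IdentityProvider()
    sp = ServiceProvider(idp)
    sp.accept_next_visitor(idp.refer_next_visitor("bob"))
    stranger, bob = {}, {}
    return sp.visit(stranger), sp.visit(bob)


def scenario_bearer_key():
    # A copied reusable key is accepted again from a second browser.
    idp = IdentityProvider()
    sp = ServiceProvider(idp)
    key = idp.refer_bearer_key("bob")
    bob, replay = {}, {}
    return sp.redeem(bob, key, False), sp.redeem(replay, key, False)


def scenario_single_use_artifact():
    # First redemption binds Bob's browser; the second presentation is refused.
    idp = IdentityProvider()
    sp = ServiceProvider(idp)
    art = idp.refer_artifact("bob")
    bob, replay = {}, {}
    first = sp.redeem(bob, art, True)
    second = sp.redeem(replay, art, True)
    return first, second, bob["cookie"] in sp.sessions, "cookie" in replay


def scenario_expired_artifact():
    # An artifact presented after its ttl resolves to nobody.
    idp = IdentityProvider()
    art = idp.refer_artifact("bob", ttl=60)
    return idp.resolve(art, True, now=time.time() + 120)
```

The first two scenarios return ("bob", None) and ("bob", "bob") respectively: the "next visitor" reference hands Bob's session to whoever shows up first, and the bearer key is honoured on replay. The single-use artifact returns ("bob", None, True, False): only Bob's browser ends up holding a session cookie, and a second presentation of the same artifact is rejected, which is the property the shared context has to provide without any client-side software.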