security-services message


Subject: SAML does not support audit of assertion dependency between co-operating authorities...



One issue with draft-sstc-core-07.doc is a lack of
support for audit of assertion dependency between co-operating
authorities. As one explicit goal of SAML was to support
inter-domain security (i.e., each authority may be
administered by a separate business entity),
this seems to be a serious "gap" in reaching that goal.

Consider the following example:

(1) User Ravi authenticates in his native security domain and receives
    Assertion A:

      <Assertion>
         <AssertionID>http://www.small-company.com/A</AssertionID>
         <Issuer>URN:small-company:DivisionB</Issuer>
         <ValidityInterval> . . . </ValidityInterval>
         <Claims>
            <subject>"cn=ravi, ou=finance, id=325619"</subject>
            <attribute>manager</attribute>
         </Claims>
      </Assertion>



(2) User Ravi authenticates to the Widget Marketplace using assertion A
and, based on the policy:

      All entities with "ou=finance" authenticated through
      small-company.com with attribute manager have purchase limit $100,000

receives Assertion B from the Widget Marketplace:

      <Assertion>
         <AssertionID>http://www.WidgetMarket.com/B</AssertionID>
         <Issuer>URN:WidgetMarket:PartsExchange</Issuer>
         <ValidityInterval> . . . </ValidityInterval>
         <Claims>
            <subject>"cn=ravi, ou=finance, id=325619"</subject>
            <attribute>max-purchase-limit-$100,000</attribute>
         </Claims>
      </Assertion>


(3) User Ravi purchases farm machinery from a parts provider hosted at the
Widget Marketplace. The parts provider authorizes the transaction based on
Assertion B.

Even though Assertion B has been issued by the Widget Marketplace
in response to assertion A
(I guess another way to look at this is to view assertion A
as the subject of B, as in [1]), there is no way to represent this information
within SAML.

If there is a problem with Ravi's purchases at the Widget Marketplace (Ravi
won't pay his bills), there is nothing in the SAML flow that ties Assertion B to
Assertion A. This appears to be a significant missing piece to me.



- prateek mishra

[1]
http://lists.oasis-open.org/archives/security-services/200105/msg00152.html
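An added example, not from this post or from the SAML draft: a small Python audit routine over the two assertions above that traces B back to A and flags a dangling link, a cycle, a change of subject, or a dependent assertion whose validity falls outside its parent's. It assumes a hypothetical <DependsOn> element (not in draft-sstc-core-07) carrying the AssertionID the assertion was issued in response to, and constructed validity timestamps in one UTC format so they can be compared as strings.

```python
import xml.etree.ElementTree as ET
# Constructed input: the two assertions from the post plus a hypothetical
# <DependsOn> element (not in draft-sstc-core-07) and made-up validity dates.
ASSERTIONS_XML = """<Assertions>
<Assertion>
 <AssertionID>http://www.small-company.com/A</AssertionID>
 <Issuer>URN:small-company:DivisionB</Issuer>
 <ValidityInterval><NotBefore>2001-06-01T08:00:00Z</NotBefore><NotOnOrAfter>2001-06-01T20:00:00Z</NotOnOrAfter></ValidityInterval>
 <Claims><subject>cn=ravi, ou=finance, id=325619</subject><attribute>manager</attribute></Claims>
</Assertion>
<Assertion>
 <AssertionID>http://www.WidgetMarket.com/B</AssertionID>
 <Issuer>URN:WidgetMarket:PartsExchange</Issuer>
 <ValidityInterval><NotBefore>2001-06-01T09:00:00Z</NotBefore><NotOnOrAfter>2001-06-01T18:00:00Z</NotOnOrAfter></ValidityInterval>
 <Claims><subject>cn=ravi, ou=finance, id=325619</subject><attribute>max-purchase-limit-$100,000</attribute></Claims>
 <DependsOn>http://www.small-company.com/A</DependsOn>
</Assertion>
</Assertions>"""

def load(xml_text):
    """Index assertions by AssertionID; an assertion without DependsOn is a root."""
    out = {}
    for a in ET.fromstring(xml_text).iter("Assertion"):
        out[a.findtext("AssertionID")] = {
            "subject": a.findtext("Claims/subject"),
            "not_before": a.findtext("ValidityInterval/NotBefore"),
            "not_after": a.findtext("ValidityInterval/NotOnOrAfter"),
            "depends_on": a.findtext("DependsOn"),  # hypothetical link element
        }
    return out

def audit_chain(assertions, start_id):
    """Follow DependsOn links from start_id to the root; return the chain of IDs
    and findings (dangling link, cycle, subject change, validity outside parent's)."""
    chain, findings, cur = [], [], start_id
    while cur is not None:
        if cur in chain or cur not in assertions:
            findings.append(("cycle at " if cur in chain else "missing assertion ") + cur)
            break
        a = assertions[cur]
        chain.append(cur)
        parent = assertions.get(a["depends_on"]) if a["depends_on"] else None
        if parent and parent["subject"] != a["subject"]:
            findings.append(f"subject changes between {a['depends_on']} and {cur}")
        if parent and (a["not_before"] < parent["not_before"]
                       or a["not_after"] > parent["not_after"]):
            findings.append(f"{cur} valid outside window of {a['depends_on']}")
        cur = a["depends_on"]
    return chain, findings
```

With the link present, the auditor can answer the question the post raises (which assertion B was issued on); with the link removed or pointing at an unknown ID, the chain stops at B and the finding records it.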