[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: Defective sign & encrypt vis-a-vis SAML?
> one might say that SAML assertions with the "bearer" subject raise > some of these same issues ... And one might further wonder whether SAML > assertions in general will want to explicitly identify the intended > receiver of the assertion. Yes, those are excellent questions, especially the second, and thanks for forwarding Jon Callas' msg. At F2F #3, during the security considerations subgroup report, I mentioned a "recent paper" that may have some applicability in our context -- it was specifically Don Davis' paper. The analysis behind Don's paper is essentially an application of Abadi & Needham's earlier "crypto protocol engineering principles" paper.. Prudent Engineering Practice for Cryptographic Protocols http://citeseer.nj.nec.com/abadi96prudent.html ..and Anderson and Needhams's PK-specific engineering principles paper.. Robustness principles for public key protocols http://citeseer.nj.nec.com/2927.html I think what we need to do soon (arguably once we have a first pass at specifying how we sign assertions et al), is sit down with the two above papers and apply their principles to SAML and see what all we learn. We'll likely find things that we should factor back into the design (to correct for), and things that we need to discuss in the security considerations. JeffH
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC