security-services message
Subject: Re: issue: description of SubjectConfirmation/KeyInfo (in SAML core) precludes impersonation


In looking at this further, I now think that SAML CORE should not say anything about the semantics of the data in keyInfo. These semantics should be defined as part of the definition of the specific confirmation methods. I still believe lines 676-677 should change, but I now think they should be changed to say the following:

677: An XML Signature [XMLSig] element that identifies a cryptographic key.

Further, I think we should take a closer look at what the SAML BIND says about hok.

> 863 5.1 Holder of Key
> 864 URI: urn:oasis:names:tc:SAML:1.0:cm:holder-of-key
> 865 A <ds:KeyInfo> element MUST be present within the <SubjectConfirmation> element.
> 866 As described in [XMLSig], the <ds:KeyInfo> element holds a key or information that enables an
> 867 application to obtain a key. The subject of the statement(s) in the assertion is the party that can
> 868 demonstrate that it is the holder of the key.

I can guess the intent of the last sentence, but it seems to me that its interpretation depends on what one thinks was meant by the 2 uses of "is" in this sentence.

For example, the party that can demonstrate ... the key "is" the subject of the assertion; as in, is to be recognized as the subject, vs. must be the subject.

Ron

Ron Monzillo wrote:

> 676: <ds:KeyInfo> [Optional]
> 677: An XML Signature [XMLSig] element that provides access to a cryptographic key held by the subject.
>
> The wss stp attempts to describe a holder-of-key impersonation model, where the
> entity that confirms knowledge of the key is other than the subject of the assertion.
>
> IMO, the text in SAML core should be changed to say something like:
>
> 677: An XML Signature [XMLSig] element that identifies a cryptographic key that must be demonstrated to satisfy the confirmation method.
