Subject: Re: [security-services] destination-side enforcement of one-time artifact use
Mishra, Prateek wrote on 9/10/2004, 3:56 PM:

> The service provider MUST ensure that an artifact value is not replayed.
> This may be achieved by maintaining a table of artifact values. Artifact
> values need only be entered into the table for the period of time during
> which the corresponding assertion (i.e., assertion obtained by
> dereferencing the artifact) is valid.

This seems like an implementation detail rather than a requirement. I can see how this can be done without any such tables. For example, the destination could maintain a table of acceptable artifacts and when one is presented, the artifact is removed from the table.

Note also that the artifact generator could be either end of the communications path.

So my suggestion would be along the lines of:

    The generator of an artifact MUST ensure that that artifact is only
    dereferenced once. Subsequent attempts to dereference the same
    artifact MUST be refused.

We probably should add something about this being a hint that there is a substantial security problem in process when this is detected and I would consider recommending that the generator take steps to undo the operations of the initially successful dereference when a subsequent dereference is detected (such as initiating an SLO operation to the destination provider).

Conor
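
The following sketch is an added example, not part of the original message or of any SAML implementation. It shows a generator-side table of acceptable artifacts with removal on first dereference, plus a record of consumed artifacts kept for the validity window so that a replay can be told apart from an unknown artifact. The class and method names, the 120-second lifetime and the session identifier attached to each artifact are assumptions made for illustration.

```python
import secrets
import threading
import time


class ReplayDetected(Exception):
    """An already-dereferenced artifact was presented again.
    args[0] is the session the first dereference established."""


class ArtifactStore:
    """Hypothetical generator-side store enforcing one-time dereference."""

    def __init__(self, ttl_seconds=120, clock=time.monotonic):
        self._ttl = ttl_seconds        # assumed artifact/assertion lifetime
        self._clock = clock            # injectable so expiry can be tested
        self._lock = threading.Lock()  # makes check-and-remove atomic
        self._pending = {}             # artifact -> (assertion, session, expiry)
        self._consumed = {}            # artifact -> (session, expiry)

    def issue(self, assertion, session_id):
        artifact = secrets.token_urlsafe(20)  # unguessable handle
        expiry = self._clock() + self._ttl
        with self._lock:
            self._pending[artifact] = (assertion, session_id, expiry)
        return artifact

    def dereference(self, artifact):
        with self._lock:
            self._purge(self._clock())
            entry = self._pending.pop(artifact, None)  # removed on first use
            if entry is not None:
                assertion, session_id, expiry = entry
                # Remember the use until expiry so a replay is recognisable.
                self._consumed[artifact] = (session_id, expiry)
                return assertion
            if artifact in self._consumed:
                # Caller should refuse, alert, and may start logout (SLO)
                # for the session named in the exception.
                raise ReplayDetected(self._consumed[artifact][0])
        raise KeyError("unknown or expired artifact")

    def _purge(self, now):
        # Drop entries past their validity window from both tables.
        for table in (self._pending, self._consumed):
            for key in [k for k, v in table.items() if v[-1] <= now]:
                del table[key]
```

Without the consumed table a second presentation would still be refused, but it would look the same as a mistyped or expired artifact, and there would be no session to tie the remedial logout to.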