Subject: RE: [security-services] destination-side enforcement of one-time artifact use


> This seems like an implementation detail rather than a requirement.
> I can see how this can be done without any such tables.  For
> example, the destination could maintain a table of acceptable
> artifacts and when one is presented, the artifact is removed
> from the table.  Note also that the artifact generator could
> be either end of the communications path.

Prateek is talking about a second issue, uncovered by the IBM paper. In
addition to the artifact issuer enforcing one-time use (which can be done as
you suggest), the artifact *receiver* should also do this by tracking
artifacts it gets and doing replay detection on them, to prevent an attacker
from sabotaging the dereference step and then resubmitting the artifact
himself.

This can't be done any way other than Prateek suggests, since the receiver
has no list of artifacts except for those it receives (and should then
remember until the validity of the associated message runs out).

-- Scott
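The two checks discussed in this thread, as an added illustration (not code from the list or from any SAML implementation): the issuer keeps a table of acceptable artifacts and removes one on dereference, and the receiver keeps its own cache of artifacts it has been handed, recorded before the dereference call and kept until the associated message's validity runs out, so that a resubmission after a sabotaged dereference is rejected. Class names, the in-memory tables and the injectable clock are assumptions for the example.

```python
import time


class ArtifactIssuer:
    """Issuer-side one-time use: an artifact resolves at most once."""

    def __init__(self):
        self._outstanding = {}  # artifact -> assertion (constructed table)

    def issue(self, artifact, assertion):
        self._outstanding[artifact] = assertion

    def dereference(self, artifact):
        # pop() removes the entry, so a second dereference returns None
        return self._outstanding.pop(artifact, None)


class ArtifactReceiver:
    """Receiver-side replay detection on artifacts it receives.

    `dereference` is the call to the issuer; `now` is injectable so the
    expiry logic can be exercised without waiting on wall-clock time.
    """

    def __init__(self, dereference, now=time.time):
        self._dereference = dereference
        self._now = now
        self._seen = {}  # artifact -> timestamp after which it may be forgotten

    def _purge_expired(self):
        t = self._now()
        self._seen = {a: exp for a, exp in self._seen.items() if exp > t}

    def accept(self, artifact, validity_seconds):
        """Return ("accepted", assertion) or ("rejected", reason)."""
        self._purge_expired()
        if artifact in self._seen:
            return ("rejected", "replay")
        # Remember the artifact *before* dereferencing: if the dereference
        # is sabotaged and fails, the artifact is still burned here, so an
        # attacker who resubmits it gets refused by the receiver.
        self._seen[artifact] = self._now() + validity_seconds
        assertion = self._dereference(artifact)
        if assertion is None:
            return ("rejected", "dereference failed")
        return ("accepted", assertion)

    def tracked(self):
        """Number of artifacts currently remembered (for inspection)."""
        self._purge_expired()
        return len(self._seen)
```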