security-services message
Subject: X509 authn based attribute protocol profile
- From: "Conor P. Cahill" <concahill@aol.com>
- To: SAML <security-services@lists.oasis-open.org>
- Date: Wed, 1 Jun 2005 12:03:48 -0400
I have several concerns with this profile:
- The use of the x509 cert to authenticate at multiple SPs sheds some of the potential user's privacy blanket as those providers will all know the user by the same ID. We should at least note this somewhere in some considerations for the use of the profile.
- There doesn't appear to be any tying of the DN presented by the SP to an actual authentication event at the SP (e.g. the SP can remember the DN for days, weeks, years and reuse it whenever it wants). In fact, the SP could just make up a DN and try it to see if it works, or the SP could have gotten the DN from another SP. Either we should solve this problem or we should say that this has nothing to do with authentication and just say it is DN based attribute lookup (we don't care how the DN got to the SP as far as I can tell in the protocols).
- There doesn't appear to be any discussion on the fact that the IdP should be extremely careful about who it allows to submit such requests (which SPs) and that it should have some measure of trust in the SP.
- There probably should be some discussion about the fact that the IdP may want to give the principal some level of control over which SPs can query which data from them (and/or have some means of obtaining real-time consent when the request is made).
Conor
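The three IdP-side checks the message asks for (only trusted SPs may query, the DN must be tied to a recent authentication event rather than replayed or guessed, and the principal controls which attributes each SP may see) can be modelled as a small policy gate. The code below is an added illustration, not part of the original message, the SAML profile or any OASIS text. The freshness evidence (an `authn_instant` and a per-authentication `authn_nonce` carried with the query) is a hypothetical mechanism chosen for the example; the profile under discussion defines no such fields. All entity IDs, DNs and attribute names are constructed sample values.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class AttributeQuery:
    """A DN-based attribute query as an IdP would receive it (hypothetical shape)."""
    sp_id: str                        # entity ID of the requesting service provider
    subject_dn: str                   # DN from the X.509 cert the user presented to the SP
    attributes: Tuple[str, ...]       # attributes the SP is asking for
    authn_instant: Optional[int] = None   # epoch seconds of the SP's cert validation (hypothetical)
    authn_nonce: Optional[str] = None     # one-time value per authentication event (hypothetical)


class AttributeQueryPolicy:
    """IdP-side gate: trusted SP, fresh unreplayed authn evidence, per-SP consent."""

    def __init__(self, trusted_sps: Set[str],
                 consent: Dict[str, Dict[str, Set[str]]],
                 max_authn_age: int = 300):
        self.trusted_sps = set(trusted_sps)
        # consent[subject_dn][sp_id] -> attributes the principal released to that SP
        self.consent = consent
        self.max_authn_age = max_authn_age
        self.seen_nonces: Set[str] = set()   # replay cache; bounded by max_authn_age in practice

    def evaluate(self, q: AttributeQuery, now: int) -> Tuple[List[str], List[str]]:
        """Return (attributes to release, reasons for anything withheld)."""
        # 1. Only SPs the IdP has a trust relationship with may query at all.
        if q.sp_id not in self.trusted_sps:
            return [], ["sp-not-trusted"]
        # 2. The DN must come with evidence of a recent authentication at the SP,
        #    so a DN remembered for months, copied from another SP, or simply
        #    guessed cannot be used on its own.
        if q.authn_instant is None or q.authn_nonce is None:
            return [], ["no-authn-evidence"]
        if q.authn_instant > now or now - q.authn_instant > self.max_authn_age:
            return [], ["authn-evidence-stale"]
        if q.authn_nonce in self.seen_nonces:
            return [], ["authn-evidence-replayed"]
        self.seen_nonces.add(q.authn_nonce)
        # 3. Release only what this principal consented to for this SP. An unknown
        #    DN yields the same "no-consent" answer as a known one with no grant,
        #    so the response does not reveal whether a guessed DN exists.
        allowed = self.consent.get(q.subject_dn, {}).get(q.sp_id, set())
        released = [a for a in q.attributes if a in allowed]
        reasons = [f"no-consent:{a}" for a in q.attributes if a not in allowed]
        return released, reasons


def demo() -> Dict[str, Tuple[List[str], List[str]]]:
    """Run constructed queries through the policy and collect the outcomes."""
    policy = AttributeQueryPolicy(
        trusted_sps={"https://sp.example/"},
        consent={"CN=Alice,O=Example": {"https://sp.example/": {"mail"}}},
    )
    fresh = AttributeQuery("https://sp.example/", "CN=Alice,O=Example",
                           ("mail", "phone"), authn_instant=1000, authn_nonce="n1")
    untrusted = AttributeQuery("https://rogue.example/", "CN=Alice,O=Example",
                               ("mail",), authn_instant=1000, authn_nonce="n2")
    bare_dn = AttributeQuery("https://sp.example/", "CN=Alice,O=Example", ("mail",))
    guessed = AttributeQuery("https://sp.example/", "CN=Bob,O=Example",
                             ("mail",), authn_instant=1000, authn_nonce="n3")
    return {
        "fresh": policy.evaluate(fresh, now=1100),
        "replay": policy.evaluate(fresh, now=1100),      # same nonce a second time
        "untrusted": policy.evaluate(untrusted, now=1100),
        "bare_dn": policy.evaluate(bare_dn, now=1100),
        "guessed": policy.evaluate(guessed, now=1100),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The `guessed` and `fresh` cases show the point of keeping the no-consent answer uniform: a guessed DN and a real DN with no grant both come back as `no-consent`, which denies the SP the "try it to see if it works" oracle the message warns about.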