RE: [security-services] NIST prohibits use of SAML assertions at LOA 4

["Scott Cantor" <cantor.2@osu.edu>]

> Well, this is truly bizarre.

It's not new, that's how the previous document was, AFAIK.

> In other words, we don't trust PKI crypto enough to rely on DSIG, SSL/TLS,
> and other stuff.  So we'll rely on ... PKI crypto to do direct
> authentication.  Either the NSA knows something they are not telling us,
or
> this is pure voodoo and superstition.

Well, it's interpreted in light of the fact that browsers cannot perform
proof operations with SAML assertions. What they want is not PKI in general,
but PKI between the relying party and the client. More than a bearer token,
in other words. There's plenty to be said for that argument.

> Really, this seems to undermine the whole LOA scheme.  The LOA scheme is
(or
> was) based on the strength of the credentials and the identity proofing
> behind those credentials.  Now, we have the mechanisms for transporting
> those credentials called into question.

I think it's perfectly reasonable to take into account that bearer tokens
are weak. The authentication strength at an IdP might have some impact on
the vulnerability of the client/IdP step, but it has no impact on the
client/RP step. If the goal is to attack an application, that's where you'd
attack, not the IdP.

> But how do you convey level 4 over to a remote network if you don't use
> assertions (or rely on the same technology for transport and
> message-integrity as assertions)?

With clients that use keys. What one might ask is whether the use of a HoK
profile such as Nate has been drafting here would satisfy level 4.

-- Scott