xacml message
Subject: Re: XACML TC Charter Revision - Strawman


> In the case of SAML, the recipient of an AuthZ Decision Assertion is supposed
> to be a PEP who is enforcing access to some resources, not the end user who
> is trying to access them. Presumably, the PEP has previously authenticated
> itself to the satisfaction of the PDP. As I implied in my previous message,
> if you are worried about leakage, you can use confidentiality (encryption).
> This could even work if the assertion is passed via the user, assuming the
> PEP knows the key and the user does not.

ok. however, 'supposed to be' and 'presumably' in this context are the
fundamental premises of a 'man in the middle' style attack (which is why
neither authentication nor authorization is enough alone). again, i may
just be paranoid, but if PEP <-> PDP communications are not local, this
is a possibility.

i think the real question becomes what are the pros/cons of discrete
responses vs. potential risks of such an exploit?

> On the positive side, we do have requirements in SAML to be able to save
> Assertions for non-repudiation purposes. In SAML v1 the Assertion will tell
> you if the action is allowed, but except for the object, the things in the
> assertion and the inputs to the policy decision may not be the same. I was
> hoping we could eventually fix this.

fyi: i don't have access to cross post to the saml list (a shortcoming
of unidirectional policy enforcement :o), so i look to you for
representation there where relevant.

thanks

b
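The exchange above turns on what a PEP should check before trusting a decision that may have crossed a non-local link, possibly relayed by the very user it concerns. The following is an added illustration, not part of the original message and not SAML's actual assertion format or any OASIS code: it uses a constructed shared MAC key and hypothetical function names (`issue_decision`, `pep_verify`, `simulate_relay_tampering`) to show the integrity, audience and lifetime checks that address the in-transit alteration and misdirection concern raised in the reply. Confidentiality (the encryption the quoted text mentions) would be layered on top and is not shown here.

```python
import copy
import hashlib
import hmac
import json
import time

# Constructed secret shared by the PDP and this PEP, for illustration only.
# A real deployment would use the PDP's signing key pair (XML Signature), not a shared MAC key.
PDP_PEP_KEY = b"constructed-demo-key-not-for-real-use"


def _canonical(body):
    """Deterministic serialisation so the MAC covers exactly the fields the PEP will read."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue_decision(key, subject, resource, action, decision, audience, ttl_seconds, now=None):
    """PDP side (hypothetical format): build an authorization decision bound to one PEP
    and a short lifetime, and authenticate it with an HMAC."""
    now = time.time() if now is None else now
    body = {
        "subject": subject,
        "resource": resource,
        "action": action,
        "decision": decision,              # "Permit" or "Deny"
        "audience": audience,              # the PEP this decision is addressed to
        "not_on_or_after": now + ttl_seconds,
    }
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def pep_verify(key, assertion, expected_audience, resource, action, now=None):
    """PEP side: enforce only decisions that are authentic, addressed to this PEP,
    unexpired, and about the resource/action actually being requested.
    Returns (effect, reason); effect is "permit" or "deny"."""
    now = time.time() if now is None else now
    body = assertion["body"]
    expected_tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    # Constant-time comparison; any change to the body in transit invalidates the tag.
    if not hmac.compare_digest(expected_tag, assertion["tag"]):
        return "deny", "tag mismatch (assertion altered in transit)"
    if body["audience"] != expected_audience:
        return "deny", "assertion addressed to a different PEP"
    if now >= body["not_on_or_after"]:
        return "deny", "assertion expired"
    if body["resource"] != resource or body["action"] != action:
        return "deny", "assertion is about a different resource or action"
    return ("permit" if body["decision"] == "Permit" else "deny"), "ok"


def simulate_relay_tampering(assertion):
    """Test helper: model a relaying party that rewrites the decision but cannot
    recompute the tag (it does not hold the key). Used only to show the check rejecting it."""
    altered = copy.deepcopy(assertion)
    altered["body"]["decision"] = "Permit"
    return altered


if __name__ == "__main__":
    # Constructed scenario: PDP denies alice read access, decision passes via the user to pep-A.
    a = issue_decision(PDP_PEP_KEY, "alice", "/doc/1", "read", "Deny", "pep-A", 60, now=1000.0)
    print(pep_verify(PDP_PEP_KEY, a, "pep-A", "/doc/1", "read", now=1010.0))
    print(pep_verify(PDP_PEP_KEY, simulate_relay_tampering(a), "pep-A", "/doc/1", "read", now=1010.0))
    print(pep_verify(PDP_PEP_KEY, a, "pep-B", "/doc/1", "read", now=1010.0))
```

The point of the audience and lifetime fields is that a decision the PDP really did issue is still useless to anyone who tries to present it to a different PEP, or to replay it later; the MAC alone would not give that.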
