Subject: RE: [imi] SAML 2 profile questions
> Understood. But this is not an (unknown) attacker, it is a fraudulent
> (known) user changing his token, which is different. These can be caught
> with auditing.

How would it be caught? For starters, I can impersonate anybody I want to be if I know the appropriate shared identifier. In many cases, that's likely to be significantly easy to discover (guess what my eduPersonPrincipalName is?)

> So it's less of a risk than an unknown attacker, and in
> some situations e.g. student access to library systems, it might be too
> low a risk to worry about the extra cost of signing. Thus it should be
> the choice of the RP whether signing is needed or not. After all, it is
> the RP that faces the risk.

There are degrees of security, but I cannot support this. If somebody wants to create an unsigned profile, that's out of my hands, but this is a proposal for matching the level of security in existing non-IMI profiles.

> But if users don't have keys and their client software does not
> automatically mint and manage them for it, then you can't use holder of
> key (even if we would like to).

Selectors already have to do this to support unmanaged cards. It's a huge missed opportunity. But what I would prefer aside, the point remains that we don't have HoK, and without strong warnings, people will fail to understand the difference here.

-- Scott