Subject: RE: [saml-dev] notBefore/notOnOrAfter unnecessary?
> > Please consider the following simple attack:
> >
> > (1) I log into the source site and am issued an artifact,
> > (2) I abandon the attempt to access the destination site,
> > (3) the artifact is now stolen by some means,
> > (4) the next day the artifact is used to impersonate
> > me at the destination site.
> >
> > How does your proposal protect against this attack?
>
> The source and destination systems must have somewhat synchronized clocks.
> This issue has nothing to do with (explicit) usage of NotBefore/NotOnOrAfter
> attributes vs. Scott's proposal which takes a more "implicit" viewpoint.

4.1.1.9.1 bullet point 3:

"The source site SHOULD track the time difference between when a SAML artifact is generated and placed on a URL line and when a <samlp:Request> message carrying the artifact is received from the destination. A maximum time limit of a few minutes is recommended. Should an assertion be requested by a destination site query beyond this time limit, a SAML error SHOULD be returned from the source site."

The above validity-period check at the source site makes validity-period checking at the destination site redundant. I suggest the "SHOULD"s above be replaced with "MUST"s, to make the above check required, and the destination-site validity check unnecessary.
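As an added illustration (not code from this thread or from the SAML specification), the following sketches how a source site could enforce the 4.1.1.9.1 time limit when the destination's request arrives, using only its own clock; the in-memory store, the 120-second limit, the artifact encoding and the single-use behaviour are assumptions made here.

```python
import secrets
import time
from dataclasses import dataclass, field

# Assumed value for "a few minutes"; the spec text quoted above gives no number.
MAX_AGE_SECONDS = 120


@dataclass
class ArtifactStore:
    """Source-site record of artifacts placed on URL lines and when they were issued."""
    max_age: float = MAX_AGE_SECONDS
    _issued: dict = field(default_factory=dict)  # artifact -> (subject, issue_time)

    def issue(self, subject, now=None):
        """Mint an artifact for `subject` and remember the moment it was issued."""
        now = time.time() if now is None else now
        # Hypothetical opaque encoding; real SAML artifacts have a typed structure.
        artifact = secrets.token_urlsafe(20)
        self._issued[artifact] = (subject, now)
        return artifact

    def resolve(self, artifact, now=None):
        """Handle the destination site's <samlp:Request> carrying `artifact`.

        Returns (True, subject) or (False, reason). Only the source site's own
        clock is compared against itself, so the check needs no clock
        synchronization with the destination site. Popping the entry makes each
        artifact resolvable once (a hardening choice in this example).
        """
        now = time.time() if now is None else now
        entry = self._issued.pop(artifact, None)
        if entry is None:
            return False, "unknown artifact"
        subject, issued_at = entry
        if now - issued_at > self.max_age:
            return False, "artifact expired at source site"
        return True, subject


def stolen_next_day_scenario():
    """The attack from the quoted message: artifact issued, abandoned, used a day later."""
    store = ArtifactStore()
    t0 = 1_000_000.0                      # constructed timestamp
    art = store.issue("alice", now=t0)    # (1) issued; (2) user abandons the flow
    return store.resolve(art, now=t0 + 86400)  # (3)/(4) presented the next day
```
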