[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] holder-of-key subject confirmation
I would say the answer to this is "no". I have read all the follow-up emails and do not think they addressed the core problem which I will attempt to do here. User has private key PR-K1 associated w cert C1 that is used to sign message sent to IdP. IdP uses users public key PU-K1 to verify and authenticate user and sends back signed attr assertion using IdP private key, say PR-K3 and assertion contains C1 so that user can prove they are "holder of key" by signing a message w PR-K1 that can be verified by RP w PU-K1, just like the IdP did. User then goes to relying party RP w cert C2, which is not validated by anyone according to the original email. i.e. IdP has reason to trust C1, but there is no indication anyone has reason to trust C2. RP could trust C1 because IdP puts C1 in assertion signed w PR-K3, which RP can validate w PU-K3, which RP trusts because has relation w IdP and PU-K3. However, there is no connection that RP has to C2. C2 just came out of the blue and there is no one that has vouched for the holder of the PR-K2, based on presentation of msg signed by PU-K2. i.e. RP trusts PU-K1, because assertion contains C1 signed by PR-K3. RP has no reason to trust PU-K2, because IdP has shown no involvement with C2 and is not vouching for holder of PR-K2. Basically the IdP is vouching for the holder of PR-K1, and incidentally the cert, C1. Anyone can read the cert, C1, and create a new cert, C2 with the same subject name etc. But no one should trust C2, because C2 was not contained in anything signed by IdP. Bottom line: for RP to trust anything from user that RP wants backed up by IdP, then user must sign message with PR-K1 to show it holds key assoc w C1. Using C2 is irrelevant to RP, because there is no direct tie to IdP. Just my 2 cents, Rich Tom Scavo wrote: > Consider the following sequence of protocol exchanges: > > 1. A user self-queries an IdP for attributes, authenticating with an > X.509 certificate (C1). > 2. The IdP issues a signed attribute assertion, binding the user's > certificate to a holder-of-key <SubjectConfirmation> element. > 3. The user presents the signed attribute assertion to a relying > party, authenticating with a different X.509 certificate (C2). > > If the RP can verify that the subject names in C1 and C2 are the same, > can the RP conclude that the subject is confirmed? > > Thanks, > Tom > > --------------------------------------------------------------------- > To unsubscribe, e-mail: saml-dev-unsubscribe@lists.oasis-open.org > For additional commands, e-mail: saml-dev-help@lists.oasis-open.org > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]