Re: [saml-dev] holder-of-key subject confirmation

["Rich.Levinson" <rich.levinson@oracle.com>]

Hi Tom,

If the RP trusted C2, then, I think, informally, that RP could
then rely on the confirmation. By "informally", I mean that the
IdP has a formal relationship w the user and by issuing the
saml assertion is potentially authorizing the user to conduct
certain types of activities that would be guaranteed by the
IdP if the user signed with private key of C1.

However, I do not believe, in general, that the IdP would
consider itself responsible for anything done with C2.

However, an RP, that trusted IdP for confirmation of the
subject in C1, might be willing to assume that the subject
of C2 was, in fact, the same subject.

The weakness I see here is that it seems to reduce a strong
token (saml hok) to the level of a bearer token, because the
inherent strength of the hok is not being used.

It would seem that the main reliance of the RP in this scenario
is on the trust it has in C2, and the saml assertion can be
thought of possibly as a 2nd factor of authentication, making
the RP more confident in C2, then it would be otherwise.

I think I would need to understand more about the objectives
of this combination of authentications - i.e. who is the RP going
to be holding accountable for what.

    Thanks,
    Rich

Tom Scavo wrote:

ea2af9bd0805121502g4be176b1xd2fac06deba0a04f@mail.gmail.com" type="cite">

On Sun, May 11, 2008 at 10:32 PM, Rich.Levinson
<rich.levinson@oracle.com> wrote:
  

 Anyone can read the cert, C1, and create a new cert, C2 with the same
 subject name etc. But no one should trust C2, because C2 was not
 contained in anything signed by IdP.
    

Rich, would you change your point of view if the relying party RP
happens to trust the certificate C2 presented by the user?

Tom

---------------------------------------------------------------------
To unsubscribe, e-mail: saml-dev-unsubscribe@lists.oasis-open.org
For additional commands, e-mail: saml-dev-help@lists.oasis-open.org