Subject: RE: [saml-dev] encrypting saml protocol messages

First, note that the Request, Response and Assertion may all be strongly
Authenticated and Integrity Protected with a signature. In fact Integrity
protection is crucial for the SSO Profiles, otherwise anyone could present any
Assertion they wanted.

If you look at the contents of the Request and Response, aside from the
Assertion, the other fields are generally known or can easily be guessed from
simply observing the message flows, the time of day, etc. Further the
"intermediary agent" is in fact the user agent, i.e. Browser. It is hard to see
how there could be a threat of the user knowing that he will shortly be asked to
Authenticate or that the request was successful or unsuccessful.

No XML level encryption was provided in SAML 1.0 or 1.1. (Wrapped keys could be
transmitted, but that simply referenced other specs.) In most cases, all the
information including attribute names and values was well known to everyone. The
key security issue was whether they were being asserted by a trusted authority.

For SAML 2.0 three use cases for encryption were identified: 1) encrypt the
entire Assertion, 2) encrypt the NameID and 3) encrypt Attributes. The primary
motive was privacy protection. One goal was to include the encrypted data in the
schema, so that Assertions with encrypted components would be Schema valid.

Of course you can always encrypt any XML document as specified by XML
Encryption, if you don't care about Schema validity.

Hal
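
Added example, not part of the original message: a Python sketch that walks a SAML 2.0 Response and reports which of the three encryption use cases listed above each assertion uses, and what remains readable at the user agent. The sample Response is a constructed skeleton; the EncryptedAssertion, EncryptedID and EncryptedAttribute element names come from the SAML 2.0 assertion schema, while the function and report field names are assumptions.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"

# Constructed skeleton: signature and cipher contents are omitted.
SAMPLE = f"""<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
    xmlns:ds="{DS}" xmlns:xenc="{XENC}" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <ds:Signature/>
    <saml:Subject><saml:EncryptedID><xenc:EncryptedData/></saml:EncryptedID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="role"><saml:AttributeValue>staff</saml:AttributeValue></saml:Attribute>
      <saml:EncryptedAttribute><xenc:EncryptedData/></saml:EncryptedAttribute>
    </saml:AttributeStatement>
  </saml:Assertion>
  <saml:EncryptedAssertion><xenc:EncryptedData/></saml:EncryptedAssertion>
</samlp:Response>"""


def q(ns, name):
    """Build the {namespace}tag form ElementTree uses."""
    return f"{{{ns}}}{name}"


def audit_response(xml_text):
    """List, per assertion, the encryption use cases in play and what stays readable."""
    root = ET.fromstring(xml_text)
    report = {"response_signed": root.find(q(DS, "Signature")) is not None,
              "assertions": []}
    for el in root:
        if el.tag == q(SAML, "EncryptedAssertion"):
            # Use case 1: the whole Assertion, including any signature inside it, is hidden.
            report["assertions"].append(
                {"use_cases": [1], "signature_visible": False, "cleartext": []})
        elif el.tag == q(SAML, "Assertion"):
            cases = [n for n, tag in ((2, "EncryptedID"), (3, "EncryptedAttribute"))
                     if el.find(f".//{q(SAML, tag)}") is not None]
            clear = [("NameID", e.text) for e in el.iter(q(SAML, "NameID"))]
            clear += [("Attribute", e.get("Name")) for e in el.iter(q(SAML, "Attribute"))]
            # Presence of ds:Signature only; this does not verify the signature.
            report["assertions"].append(
                {"use_cases": cases, "cleartext": clear,
                 "signature_visible": el.find(q(DS, "Signature")) is not None})
    return report


if __name__ == "__main__":
    print(audit_response(SAMPLE))
```

In the sample, the first assertion still exposes the attribute name `role` in the clear even though its NameID and one attribute are encrypted, which is the partial-privacy trade-off of use cases 2 and 3.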