Subject: Web-browser Binding Vulnerabilities + "Cures"
The following does IMO apply to many schemes including S2ML: The use of references to assertions etc. in the form of URLs, which are usually given to an authenticated client by a credential issuer using an HTTP 301 (redirect), has at least one problem: A credential consumer cannot easily determine if it is the original client that handed over the URL containing such a reference. A simple browser URL window snooper program could "snatch" such tokens and transport them to somebody else, in spite of secure https transports.

The only "cures" I can think of are putting the critical data in a cookie [sorry :-( ], which requires a fairly deep browser hack [open source would make it trivial though :-) ] to snatch, and IP bindings. The latter is not universal due to proxies (all clients on the same proxy look like one IP to the credential consumer) etc., but it does improve the binding a bit.

Note: I don't insist that the current binding scheme should be changed, this is simply "information".

Anders
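The two bindings discussed in the post, a cookie that never appears in the URL and a check on the client address, can be sketched as a small credential-consumer check. The code below is an added illustration and is not part of the original message, nor does it describe how S2ML or any particular product implements artifact references; the `ArtifactStore` class, the 60-second lifetime, the hashing of the cookie at rest and the one-time redemption rule are all assumptions made here (the last two go a little beyond the post: an artifact that is consumed once and expires quickly limits what a snatched URL is worth even when the cookie binding is absent).

```python
import hashlib
import hmac
import secrets
import time

# Assumed policy: an unredeemed artifact reference stays valid for this long.
ARTIFACT_TTL_SECONDS = 60


class ArtifactStore:
    """Issuer/consumer-side record of artifact references (in-memory stand-in for a DB).

    The artifact is the value that travels in the redirect URL; the binding
    secret travels only in a cookie and is stored here only as a hash, so a
    dump of this table does not yield usable cookies.
    """

    def __init__(self, bind_ip=True, clock=time.time):
        # bind_ip=False models the relaxed mode needed behind shared proxies.
        self.bind_ip = bind_ip
        self.clock = clock  # injectable so expiry can be tested offline
        self._records = {}

    def issue(self, assertion, client_ip):
        """Create an artifact for `assertion`; return (artifact, binding_cookie)."""
        artifact = secrets.token_urlsafe(24)   # goes into the redirect URL
        binding = secrets.token_urlsafe(32)    # goes into a cookie, never the URL
        self._records[artifact] = {
            "assertion": assertion,
            "binding_hash": hashlib.sha256(binding.encode()).hexdigest(),
            "ip": client_ip,
            "expires": self.clock() + ARTIFACT_TTL_SECONDS,
            "redeemed": False,
        }
        return artifact, binding

    def redeem(self, artifact, binding_cookie, client_ip):
        """Exchange an artifact for its assertion; return (assertion, reason).

        `assertion` is None whenever any binding check fails; `reason` names
        the failing check so the consumer can log it.
        """
        rec = self._records.get(artifact)
        if rec is None:
            return None, "unknown artifact"
        if rec["redeemed"]:
            return None, "artifact already redeemed"
        if self.clock() > rec["expires"]:
            return None, "artifact expired"
        if binding_cookie is None:
            # The URL alone (what a URL-window snooper sees) is not enough.
            return None, "missing binding cookie"
        presented = hashlib.sha256(binding_cookie.encode()).hexdigest()
        if not hmac.compare_digest(presented, rec["binding_hash"]):
            return None, "binding cookie mismatch"
        if self.bind_ip and client_ip != rec["ip"]:
            return None, "client address mismatch"
        rec["redeemed"] = True  # one-time use: a replayed artifact is refused
        return rec["assertion"], "ok"


def demo():
    """Constructed walk-through of a legitimate redemption and a snatched URL."""
    store = ArtifactStore()
    artifact, cookie = store.issue({"subject": "alice"}, "10.0.0.5")
    # Someone holding only the URL token, from another address, gets nothing.
    snatched = store.redeem(artifact, None, "198.51.100.7")
    # The original client presents URL token + cookie from the same address.
    legit = store.redeem(artifact, cookie, "10.0.0.5")
    return snatched, legit


if __name__ == "__main__":
    print(demo())
```

The IP check is deliberately switchable because, as the post notes, every client behind one proxy shares an address; a consumer that sees such traffic would run with `bind_ip=False` and rely on the cookie, the short lifetime and single redemption instead.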