security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Fwd: ..the notorious bearer subject.. -- From Bob Blakely
Prateek, Jeff:

I'm sending you both this because I can't post to the list.

Prateek,

Thanks for the mail.  I think we do indeed need an explicit element indicating that the assertion's subject is "bearer".  <bearer/> is fine with me; it should be an alternative to <key-holder> etc...

Tim's already given an example of where this is required.  To speak more generally, we have two other mechanisms proposed: key-holder (which requires enough client-side logic to be able to store a key and use it to respond to challenges), and assertion-reference (which requires you to have another assertion).

Key-holder can work homogeneously for all types of assertions, including authentication assertions.

However, assertion-reference CANNOT work homogeneously, because there can be no base case -- I have an attribute assertion, which refers to an authentication assertion.  What does the authentication assertion refer to?  Nothing!  It's the root of the trust chain.  The authentication assertion could have key-holder as a subject, but only if the client has a key and has the client-side logic to use it.  If not, there needs to be some other way to claim that the authentication assertion is valid.  "bearer" can do this with no logic required, at the cost of opening the possibility of assertion-theft attacks.  This is NECESSARY, but is sometimes a vulnerability -- it's also the heart of the "indexical reference" problem.


--bob

Bob Blakley (email: blakley@us.tivoli.com   phone: +1 512 436 1564)
Chief Scientist, Security, Tivoli Systems, Inc.
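
An added example, not code from this thread or from any SAML implementation: a toy relying-party check for the three subject confirmation methods Bob compares. The assertion records (plain dicts, not SAML XML), the HMAC secret standing in for the subject's key, and the challenge/response shape are all constructed for illustration. It accepts a bearer subject on presentation alone, demands proof of possession for key-holder, and follows assertion-reference chains only as far as a bearer or key-holder root, refusing a chain that has no base case.

```python
import hashlib
import hmac

class ConfirmationError(Exception):
    """The presenter could not be confirmed as the assertion's subject."""

def confirm_subject(assertion, store, challenge=None, response=None, seen=None):
    """Return the method that ultimately anchors the subject confirmation.
    bearer: accepted on mere presentation (whoever holds it is the subject).
    key_holder: presenter must answer a fresh challenge with the subject's key.
    assertion_ref: confirm the referenced assertion instead; the chain must end
    in a bearer or key-holder root, otherwise there is no base case.
    """
    seen = set() if seen is None else seen
    if assertion["id"] in seen:
        raise ConfirmationError(f"reference cycle at {assertion['id']}: no base case")
    seen.add(assertion["id"])
    subj = assertion["subject"]
    method = subj["confirmation"]
    if method == "bearer":
        return "bearer"
    if method == "key_holder":
        if challenge is None or response is None:
            raise ConfirmationError("key-holder subject needs a challenge/response")
        expected = hmac.new(subj["key"], challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            raise ConfirmationError("proof of possession failed")
        return "key_holder"
    if method == "assertion_ref":
        target = store.get(subj["ref"])
        if target is None:
            raise ConfirmationError(f"referenced assertion {subj['ref']} not available")
        return confirm_subject(target, store, challenge, response, seen)
    raise ConfirmationError(f"unknown confirmation method {method!r}")

def answer_challenge(key, challenge):
    """Client side of key-holder: respond to the relying party's challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

# Constructed sample assertions; a shared HMAC secret stands in for the subject's key.
DEMO_KEY = b"constructed-demo-key"
STORE = {
    "authn-1": {"id": "authn-1", "subject": {"confirmation": "key_holder", "key": DEMO_KEY}},
    "attr-1": {"id": "attr-1", "subject": {"confirmation": "assertion_ref", "ref": "authn-1"}},
    "authn-2": {"id": "authn-2", "subject": {"confirmation": "bearer"}},
    "attr-2": {"id": "attr-2", "subject": {"confirmation": "assertion_ref", "ref": "authn-2"}},
    "loop-a": {"id": "loop-a", "subject": {"confirmation": "assertion_ref", "ref": "loop-b"}},
    "loop-b": {"id": "loop-b", "subject": {"confirmation": "assertion_ref", "ref": "loop-a"}},
}
```

The loop-a/loop-b pair is the case Bob describes: two assertions that only point at each other never reach a root, so the verifier rejects them rather than treating mutual reference as confirmation.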


"Mishra, Prateek" <pmishra@netegrity.com> on 07/13/2001 05:23:49 PM

To:   "'blakley@tivoli.com'" <blakley@tivoli.com>
cc:
Subject:  FW: ..the notorious bearer subject..

-----Original Message-----
From: Mishra, Prateek [mailto:pmishra@netegrity.com]
Sent: Friday, July 13, 2001 6:22 PM
To: 'bblakley@tivoli.com'; 'security-services@lists.oasis-open.org'
Subject: ..the notorious bearer subject..


Bob,

As part of crunching thru the third f2f whiteboard draft, we find numerous references to "bearer" as one possibility for the subject element in an assertion.

Presumably, a bearer assertion is one that can be simply presented by whoever is "holding" it and used without further proof of ownership.

(1) How do we model this at the XML-level --- I assume it is enough to have an element called <Bearer/> that can appear within the <Subject> element.

(2) Is this really required within SAML?  What use-case did you have in mind?
