Subject: Fwd: ..the notorious bearer subject.. -- From Bob Blakely
- From: "George Robert Blakley III"<George_Robert_Blakley_III/Tivoli_Systems@us.ibm.com>
- To: pmishra@netegrity.com, jhodges@oblix.com
- Date: Tue, 17 Jul 2001 09:58:35 -0500
Prateek, Jeff:

I'm sending you both this because I can't post to the list.

Prateek,

Thanks for the mail. I think we do indeed need an explicit element indicating that the assertion's subject is "bearer". <bearer/> is fine with me; it should be an alternative to <key-holder> etc...

Tim's already given an example of where this is required.

To speak more generally, we have two other mechanisms proposed: key-holder (which requires enough client-side logic to be able to store a key and use it to respond to challenges), and assertion-reference (which requires you to have another assertion).

Key-holder can work homogeneously for all types of assertions, including authentication assertions. However, assertion-reference CANNOT work homogeneously, because there can be no base case -- I have an attribute assertion, which refers to an authentication assertion. What does the authentication assertion refer to? Nothing! It's the root of the trust chain.

The authentication assertion could have key-holder as a subject, but only if the client has a key and has the client-side logic to use it. If not, there needs to be some other way to claim that the authentication assertion is valid. "bearer" can do this with no logic required, at the cost of opening the possibility of assertion-theft attacks. This is NECESSARY, but is sometimes a vulnerability -- it's also the heart of the "indexical reference" problem.

--bob

Bob Blakley (email: blakley@us.tivoli.com phone: +1 512 436 1564)
Chief Scientist, Security, Tivoli Systems, Inc.

"Mishra, Prateek" <pmishra@netegrity.com> on 07/13/2001 05:23:49 PM
To: "'blakley@tivoli.com'" <blakley@tivoli.com>
cc:
Subject: FW: ..the notorious bearer subject..

-----Original Message-----
From: Mishra, Prateek [mailto:pmishra@netegrity.com]
Sent: Friday, July 13, 2001 6:22 PM
To: 'bblakley@tivoli.com'; 'security-services@lists.oasis-open.org'
Subject: ..the notorious bearer subject..

Bob,

As part of crunching through the third f2f whiteboard draft, we find numerous references to "bearer" as one possibility for the subject element in an assertion. Presumably, a bearer assertion is one that can be simply presented by whoever is "holding" it and used without further proof of ownership.

(1) How do we model this at the XML-level --- I assume it is enough to have an element called <Bearer/> that can appear within the <Subject> element.

(2) Is this really required within SAML? What use-case did you have in mind?
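The three subject-confirmation mechanisms argued over above (bearer, key-holder, assertion-reference), modelled as a toy relying party. This is an added example written for this page, not code from the thread, from SAML, or from either author; the class and function names (Bearer, HolderOfKey, AssertionRef, RelyingParty, Client, demo) are illustrative, and an HMAC secret stands in for the key-holder's key pair so that proof of possession is a MAC over a fresh nonce. It shows the two points Bob makes: an assertion-reference chain only terminates at an assertion whose subject is bearer or key-holder (the root of the trust chain), and a stolen bearer assertion is accepted on presentation while a stolen key-holder assertion is not.

```python
# Added example, not code from the thread. Names are illustrative; an HMAC
# secret stands in for the key-holder's key pair (simplification).
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional, Union


@dataclass(frozen=True)
class Bearer:
    """Whoever presents the assertion is its subject; no proof required."""


@dataclass(frozen=True)
class HolderOfKey:
    """Presenter must prove possession of the key identified by key_id."""
    key_id: str


@dataclass(frozen=True)
class AssertionRef:
    """Subject is the subject of another assertion; has no base case on its own."""
    assertion_id: str


Confirmation = Union[Bearer, HolderOfKey, AssertionRef]


@dataclass(frozen=True)
class Assertion:
    id: str
    kind: str                    # "authn" or "attribute"
    confirmation: Confirmation


class Client:
    """Presenter of an assertion. key=None models a client with no key material
    and no challenge-response logic, or a thief holding only the assertion."""
    def __init__(self, key: Optional[bytes]):
        self.key = key

    def respond(self, nonce: bytes) -> Optional[bytes]:
        if self.key is None:
            return None
        return hmac.new(self.key, nonce, hashlib.sha256).digest()


class RelyingParty:
    def __init__(self, assertions: Dict[str, Assertion], keys: Dict[str, bytes]):
        self.assertions = assertions   # assertions already received by the RP
        self.keys = keys               # key_id -> key the RP can verify against

    def resolve_root(self, a: Assertion) -> Assertion:
        """Follow assertion-reference links until a Bearer or HolderOfKey
        confirmation is reached: the root of the trust chain. A cycle or a
        dangling reference means there is no base case, so reject."""
        seen = set()
        while isinstance(a.confirmation, AssertionRef):
            if a.id in seen:
                raise ValueError(f"reference cycle at {a.id}: no base case")
            seen.add(a.id)
            try:
                a = self.assertions[a.confirmation.assertion_id]
            except KeyError:
                raise ValueError(f"dangling reference from {a.id}") from None
        return a

    def accept(self, a: Assertion, client: Client) -> bool:
        root = self.resolve_root(a)
        conf = root.confirmation
        if isinstance(conf, Bearer):
            return True                # presentation alone suffices (theft risk)
        key = self.keys.get(conf.key_id)
        if key is None:
            return False
        nonce = os.urandom(16)         # fresh challenge for every presentation
        response = client.respond(nonce)
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return response is not None and hmac.compare_digest(response, expected)


def demo() -> Dict[str, bool]:
    """Constructed scenario: Alice holds a key; Mallory has stolen both
    attribute assertions (and their authentication assertions) but no key."""
    alice_key = b"alice-secret-key-material"
    assertions = {
        "authn-bearer": Assertion("authn-bearer", "authn", Bearer()),
        "attr-bearer": Assertion("attr-bearer", "attribute", AssertionRef("authn-bearer")),
        "authn-hok": Assertion("authn-hok", "authn", HolderOfKey("alice-key")),
        "attr-hok": Assertion("attr-hok", "attribute", AssertionRef("authn-hok")),
    }
    rp = RelyingParty(assertions, {"alice-key": alice_key})
    alice, mallory = Client(alice_key), Client(None)
    return {
        "bearer_alice": rp.accept(assertions["attr-bearer"], alice),
        "bearer_mallory": rp.accept(assertions["attr-bearer"], mallory),  # theft succeeds
        "hok_alice": rp.accept(assertions["attr-hok"], alice),
        "hok_mallory": rp.accept(assertions["attr-hok"], mallory),        # theft fails
    }
```

The attribute assertions never carry a bearer or key-holder subject themselves; they only resolve to one through the authentication assertion, which is the base case the thread says assertion-reference cannot supply by itself. Bearer costs the relying party nothing at presentation time and is exactly as strong as the secrecy of the assertion in transit and at rest, which is the assertion-theft trade-off named above.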