Subject: RE: Security Considerations: draft-sstc-sec-consider-00.doc
Jeff - May I make the following suggestions for the "Security considerations" section? Best regards. Tim.
Vulnerability - Theft of the user authentication information
In the case where the subject authenticates to the source site by revealing authentication information, for example, in the form of a password, theft of the authentication information will enable an adversary to impersonate the subject.
Safeguards - The connection between the subject's browser and the source site must implement a confidentiality safeguard. In addition, steps must be taken by either the subject or the destination site to ensure that the source site is genuinely the expected, trusted, source site, prior to revealing the authentication information.
Vulnerability - Theft of the bearer token
In the case where the authentication assertion contains the assertion bearer authentication protocol identifier, theft of the artifact will enable an adversary to impersonate the subject.
Safeguards - The following safeguards must be implemented.
--The destination site must implement a confidentiality safeguard on its connection with the subject's browser.
--The subject or destination site must ensure (out of band) that the source site implements a confidentiality safeguard on its connection with the subject's browser.
--The destination site must verify that the subject's browser was directly redirected by a source site that directly authenticated the subject.
--The source site must not respond to more than one request for an assertion corresponding to the same assertion id.
--If the assertion contains a condition element of type AudienceRestrictionConditionType that identifies a specific domain, then the destination site must verify that it is a member of that domain.
--The connection between the destination site and the source site, over which the assertion id is passed, must implement a confidentiality safeguard.
--The destination site, in its communication with the source site, over which the assertion id is passed, must verify that the source site is genuinely the expected, trusted, source site.
From: firstname.lastname@example.org [mailto:email@example.com]
Sent: Saturday, August 11, 2001 5:56 AM
To: oasis sstc
Subject: Security Considerations: draft-sstc-sec-consider-00.doc
draft-sstc-sec-consider-00.doc is attached.
It isn't nearly as filled-out as I'd hoped it would be, but I've had a series
of unanticipated distractions the past couple of weeks with concomitant impacts
on my time.
So the above is simply a skeleton for the most part. Those who're interested
(Chris McLaren, Prateek, Don Flinn, so far) can contribute to filling it in, as
we move forward.
I've referenced (within sec-consider-00) email msgs on the list(s) that have
substantive material and/or thinking for this sec-consider context. My
apologies if I didn't include anything of yours.
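
Two of the bearer-token safeguards listed in the reply above (the source site answers only one request per assertion id, and the destination site checks the audience restriction) can be sketched as follows. This is an added example, not part of the e-mail thread or of any SAML implementation; the class, function and field names and the domain values are assumptions made for illustration.

```python
import secrets
import threading


class SourceSiteStore:
    """Source-site side: holds each assertion until it is requested by id, once."""

    def __init__(self):
        self._pending = {}
        self._lock = threading.Lock()

    def issue(self, subject, audiences=()):
        # Unguessable id (constructed format, not the SAML artifact encoding).
        assertion_id = secrets.token_urlsafe(20)
        assertion = {"subject": subject, "audiences": frozenset(audiences)}
        with self._lock:
            self._pending[assertion_id] = assertion
        return assertion_id

    def redeem(self, assertion_id):
        # Remove under the lock so two concurrent requests for the same id
        # cannot both succeed; the second caller gets None.
        with self._lock:
            return self._pending.pop(assertion_id, None)


def destination_accepts(assertion, own_domains):
    """Destination-site side: apply the audience restriction, if one is present."""
    if assertion is None:          # unknown or already-redeemed id
        return False
    audiences = assertion["audiences"]
    if not audiences:              # no audience restriction in the assertion
        return True
    return bool(audiences & set(own_domains))


def demo():
    store = SourceSiteStore()
    aid = store.issue("alice", audiences=["partners.example"])  # constructed values
    first = store.redeem(aid)
    replay = store.redeem(aid)     # same id presented a second time
    return (destination_accepts(first, {"partners.example"}),
            destination_accepts(first, {"other.example"}),
            destination_accepts(replay, {"partners.example"}))


if __name__ == "__main__":
    print(demo())
```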