OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [security-services] Suggest adding IssueInstant attribute to Requestand Response

Referencing section of the security considerations document, it
notes that unless the transport layer (eg. SSL) prevents the capture of
request messages, the use of XML signing and/or encryption does not
prevent an attacker from capturing messages and replaying them.

This is fairly obvious, but instead of leaving the problem, why not just
solve it by providing a means to build a bounded replay cache in clients
and servers?

I propose adding the IssueInstant attribute (found currently in
Assertion) to both Request and Response. This is a trivial change, adds
no overhead, and provides the means to timestamp a request or response
message in a uniform, secure way (via signing) for any bindings that may
come along. The obvious initial issue is use of SOAP with signing but
without SSL, which I believe is specified as optional in bindings-07.

Proposed schema change:

In RequestAbstractType and ResponseAbstractType, add:
	<attribute name="IssueInstant" type="dateTime" use="required"/>

It could be optional, but it seems simpler to me to just expect it. Text
should be minimal. I would propose not specifying policy on message
lifetime in bindings and let the endpoints decide.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC