[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [security-services] Suggest adding IssueInstant attribute toRequest and Response
> I can steal Alice's request for attributes (the most likely case, and
> the only one Shibboleth would be concerned with). If I can replay it
> successfully immediately or in the future, I can get attributes that
> only Alice might be allowed to see (or at least that I'm not
> allowed to
> see). I let her request go on through as well, so she never
> knows, since
> she gets her answer.
I don't understand this. You were able to capture the orignal request, but you could not see the response?
Or the response was encrypted the first time, but not on the replay?
I guess I am missing some assuption about the environment.
Hal
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC