[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] destination-side enforcement of one-time artifact use
Scott Cantor wrote on 9/10/2004, 4:24 PM:

> Prateek is talking about a second issue, uncovered by the IBM paper. In
> addition to the artifact issuer enforcing one-time use (which can be done as
> you suggest), the artifact *receiver* should also do this by tracking
> artifacts it gets and do replay detection on them, to prevent an attacker
> from sabotaging the dereference step and then resubmitting the artifact
> himself.

So, if the attacker has sabotaged the dereference, the provider has no validity period to use to keep the artifact.

So, I think the appropriate guidance should be along the lines of:

If an attempt to dereference an artifact does not complete successfully, the artifact should be placed into a blocked artifact list for a period of time that exceeds the artifact acceptance period at the provider.

And I recommend adding the artifact acceptance period as a metadata element (or, if we don't want to add it in metadata, we should make it a recommendation that artifacts have a very short lifespan (say 10 minutes) and use that in figuring the time to keep the artifact in the blocked list).

This solution means that the SP only has to keep the artifacts when it is possible that they could be attacked using the method you pointed out, and makes the 99.99999999% case require no additional tracking.

Conor
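The proposal above, worked through as an added example (not code from the thread, the SAML TC, or any SAML implementation): a toy issuer that enforces one-time use and a fixed acceptance period, and a receiver that tracks nothing for artifacts whose dereference succeeds but puts an artifact whose dereference fails on a blocked list for longer than the issuer's acceptance period. The artifact format, the 10-minute acceptance period, the 60-second margin, and the class and function names are assumptions for illustration; the sabotage is simulated as a dropped resolve request.

```python
"""Receiver-side blocked-artifact list after a failed dereference.
Added example; the issuer, artifact format and timings are assumptions."""
from typing import Callable, Dict


class ArtifactError(Exception):
    """Raised when an artifact cannot be turned into an assertion."""


class ToyIssuer:
    """Stand-in for the artifact issuer: one-time use plus an acceptance period."""

    def __init__(self, acceptance_period: float) -> None:
        self.acceptance_period = acceptance_period
        self._outstanding: Dict[str, tuple] = {}  # artifact -> (assertion, issued_at)
        self.calls = 0                             # resolve requests that reached us
        self._counter = 0

    def issue(self, assertion: str, now: float) -> str:
        self._counter += 1
        artifact = f"AAQAA-{self._counter:04d}"   # constructed artifact handle
        self._outstanding[artifact] = (assertion, now)
        return artifact

    def resolve(self, artifact: str, now: float) -> str:
        self.calls += 1
        entry = self._outstanding.pop(artifact, None)  # pop enforces one-time use
        if entry is None:
            raise ArtifactError("unknown or already used artifact")
        assertion, issued_at = entry
        if now - issued_at > self.acceptance_period:
            raise ArtifactError("artifact expired at issuer")
        return assertion


class ArtifactReceiver:
    """SP side: block an artifact only when its dereference did not succeed."""

    def __init__(self, acceptance_period: float, margin: float = 60.0) -> None:
        self.acceptance_period = acceptance_period  # would come from issuer metadata
        self.margin = margin                        # slack for clock skew
        self._blocked: Dict[str, float] = {}        # artifact -> block expiry time

    @property
    def block_duration(self) -> float:
        # Must exceed the issuer's acceptance period, as the proposal requires.
        return self.acceptance_period + self.margin

    def _prune(self, now: float) -> None:
        for art, expiry in list(self._blocked.items()):
            if expiry <= now:
                del self._blocked[art]

    def is_blocked(self, artifact: str, now: float) -> bool:
        self._prune(now)
        return artifact in self._blocked

    def blocked_count(self, now: float) -> int:
        self._prune(now)
        return len(self._blocked)

    def resolve(self, artifact: str, dereference: Callable[[str], str], now: float) -> str:
        if self.is_blocked(artifact, now):
            # Refuse without contacting the issuer: a resubmission after a
            # sabotaged dereference is exactly the replay being defended against.
            raise ArtifactError("artifact blocked after earlier failed dereference")
        try:
            return dereference(artifact)
        except Exception as exc:
            self._blocked[artifact] = now + self.block_duration
            raise ArtifactError(f"dereference failed: {exc}") from exc


def simulate(acceptance_period: float = 600.0) -> Dict[str, object]:
    """Happy path, then the sabotage-and-resubmit attack described in the thread."""
    issuer = ToyIssuer(acceptance_period)
    sp = ArtifactReceiver(acceptance_period, margin=60.0)
    t0 = 1_000_000.0
    out: Dict[str, object] = {}

    # 1. Normal flow: dereference succeeds, the SP tracks nothing, and a later
    #    replay is refused by the issuer's own one-time-use check.
    good = issuer.issue("assertion-for-alice", t0)
    out["normal"] = sp.resolve(good, lambda a: issuer.resolve(a, t0), now=t0)
    out["tracked_after_normal"] = sp.blocked_count(t0)
    try:
        sp.resolve(good, lambda a: issuer.resolve(a, t0 + 1), now=t0 + 1)
        out["normal_replay"] = "accepted"
    except ArtifactError:
        out["normal_replay"] = "rejected_by_issuer"

    # 2. Attack: the artifact reaches the SP but the resolve call is sabotaged.
    art = issuer.issue("assertion-for-bob", t0 + 10)

    def sabotaged(_a: str) -> str:
        raise ConnectionError("resolve request never answered")

    try:
        sp.resolve(art, sabotaged, now=t0 + 10)
        out["sabotaged"] = "accepted"
    except ArtifactError:
        out["sabotaged"] = "failed"

    # 3. The attacker resubmits the same artifact; the SP blocks it locally.
    before = issuer.calls
    try:
        sp.resolve(art, lambda a: issuer.resolve(a, t0 + 15), now=t0 + 15)
        out["resubmit"] = "accepted"
    except ArtifactError:
        out["resubmit"] = "blocked_at_sp"
    out["issuer_calls_on_resubmit"] = issuer.calls - before

    # 4. Once the block lapses, the issuer rejects the artifact as expired anyway,
    #    which is why the block only needs to outlive the acceptance period.
    late = t0 + 10 + sp.block_duration + 1
    out["block_expired"] = not sp.is_blocked(art, late)
    try:
        sp.resolve(art, lambda a: issuer.resolve(a, late), now=late)
        out["after_expiry"] = "accepted"
    except ArtifactError:
        out["after_expiry"] = "expired_at_issuer"
    return out


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

Note that an issuer-side rejection (for example "already used") also counts as an unsuccessful dereference and lands the artifact on the blocked list; that is harmless, since such an artifact can never resolve again, and it keeps the receiver's rule as simple as the proposal states it.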