[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] Updated: (SECURITY-12) PE: Add material onRelayState sanitization
[ http://tools.oasis-open.org/issues/browse/SECURITY-12?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Scott Cantor updated SECURITY-12:
---------------------------------
Summary: PE: Add material on RelayState sanitization (was: PE:)
Proposal:
In SAML Bindings:
Add text to section 3.1.1, Use of RelayState
-----
Some bindings that define a "RelayState" mechanism do not provide for end to end origin authentication or integrity protection of the RelayState value. Most such bindings are defined in conjunction with HTTP, and RelayState is often involved in the preservation of HTTP resource state that may involve the use of HTTP redirects, or embedding of RelayState information in HTTP responses, HTML content, etc. In such cases, implementations need to beware of Cross-Site Scripting (XSS) and other attack vectors (e.g., Cross-Site Request Forgery, CSRF) that are common to such scenarios.
Implementations MUST carefully sanitize the URL schemes they permit (for example, disallowing anything but "http" or "https"), and should disallow unencoded characters that may be used in mounting such attacks.
-----
Add text to sections 3.4.5.2, 3.5.5.2, 3.6.5.2:
-----
When using RelayState in conjunction with HTTP redirects or response information, implementations MUST carefully sanitize the URL schemes they permit (for example, disallowing anything but "http" or "https"), and should disallow unencoded characters that may be used in mounting such attacks.
-----
Component/s: Bindings
Fix Version/s: 2.0 incorporating Approved Errata
Affects Version/s: Version 2.0
Description: A recent paper (http://www.ai-lab.it/armando/pub/sec2011.pdf) outlines some threats that in small part involve problems with RelayState handling in implementations. Conversations with the author at the end of last year suggested we add clarifying material if possible to guide implementers to avoid some of the worst problems.
> PE: Add material on RelayState sanitization
> -------------------------------------------
>
> Key: SECURITY-12
> URL: http://tools.oasis-open.org/issues/browse/SECURITY-12
> Project: OASIS Security Services (SAML) TC
> Issue Type: Improvement
> Components: Bindings
> Affects Versions: Version 2.0
> Reporter: Scott Cantor
> Fix For: 2.0 incorporating Approved Errata
>
>
> A recent paper (http://www.ai-lab.it/armando/pub/sec2011.pdf) outlines some threats that in small part involve problems with RelayState handling in implementations. Conversations with the author at the end of last year suggested we add clarifying material if possible to guide implementers to avoid some of the worst problems.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]