OASIS Mailing List Archives

ws-rx message


Subject: i029 Session hijacking addressed by STR in CSR

You asked for more information on what threats including the STR in the CSR mitigates against. For one, it prevents session hijacking.
For example, let's say that anyone in the FOO group can create an RM session; then if anyone obtains the sequence ID, they are likely to be authorized to use the RM session. This can be mitigated by a service user establishing a security context with their credentials prior to creating the RM session. This security context has the claims necessary for creating a sequence. This security context is only known to the two parties; other users in the FOO group are not part of this security context. This security context is used in the RM sequence creation, thus binding the two at creation time. With this coupling in place, the RM sequence is effectively "owned" by the security context identified in the STR of the CSR that establishes the security context in this example. Establishing security semantics after the resource is created leaves an attack window for creation attacks that is not addressed by just signing the message header and body.
Again, I believe this issue should be closed with no action. The STR should not be removed from the CSR. 
Marc g
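
The binding described in this message, as an added illustration that is not part of the original post and is not WS-RM or WS-SecureConversation code. It is a toy model: the `Destination` class, the `bind_str` switch, the users alice and bob, and the use of an HMAC as the message signature are all assumptions made for the sketch.

```python
import hashlib, hmac, secrets

class Rejected(Exception):
    """The destination refused a message."""

def sign(key, payload):
    return hmac.new(key, payload, hashlib.sha256).digest()

class Destination:
    """Toy RM destination (hypothetical model, not a WS-RM implementation)."""
    def __init__(self, foo_group, bind_str):
        self.foo_group = set(foo_group)
        self.bind_str = bind_str   # True: the STR in the CSR fixes the sequence owner
        self.contexts = {}         # context id -> key known only to the two parties
        self.sequences = {}        # sequence id -> owning context id, or None

    def establish_context(self, user):
        if user not in self.foo_group:
            raise Rejected("not authorized to create sequences")
        ctx_id, key = secrets.token_hex(8), secrets.token_bytes(32)
        self.contexts[ctx_id] = key
        return ctx_id, key

    def _verify(self, ctx_id, payload, mac):
        key = self.contexts.get(ctx_id)
        if key is None or not hmac.compare_digest(sign(key, payload), mac):
            raise Rejected("signature does not verify")

    def create_sequence(self, str_ctx, mac):
        # str_ctx plays the role of the STR carried in the CSR.
        self._verify(str_ctx, b"CreateSequence", mac)
        seq_id = secrets.token_hex(8)
        self.sequences[seq_id] = str_ctx if self.bind_str else None
        return seq_id

    def deliver(self, seq_id, ctx_id, body, mac):
        # Signing header and body alone only proves the sender is some FOO member.
        self._verify(ctx_id, seq_id.encode() + body, mac)
        owner = self.sequences[seq_id]
        if owner is not None and owner != ctx_id:
            raise Rejected("sequence is owned by another security context")
        return "accepted"

def demo(bind_str):
    """A second FOO member sends on a sequence id created by the first."""
    dest = Destination({"alice", "bob"}, bind_str)   # constructed users
    a_ctx, a_key = dest.establish_context("alice")
    b_ctx, b_key = dest.establish_context("bob")
    seq = dest.create_sequence(a_ctx, sign(a_key, b"CreateSequence"))
    assert dest.deliver(seq, a_ctx, b"m1", sign(a_key, seq.encode() + b"m1")) == "accepted"
    try:
        return dest.deliver(seq, b_ctx, b"m2", sign(b_key, seq.encode() + b"m2"))
    except Rejected as exc:
        return str(exc)
```

With `bind_str=False` the second member's validly signed message is accepted on the sequence; with `bind_str=True` it is refused because the sequence was tied to the creating context at creation time.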
