Two Identifiers - no caching advantage

Josh Hoyt josh at janrain.com
Thu Oct 19 17:40:43 UTC 2006


On 10/19/06, Dick Hardt <dick at sxip.com> wrote:
> My head is a little more clear this morning, so let me clarify.
>
> My key point is that the IdP cannot trust the discovery done by the
> RP since the request is unsigned and may have been modified
> between the RP and the IdP.

The IdP shouldn't trust the message from RP. It doesn't need to trust
the message from the RP. Trusting the message from the RP would be a
mistake, because the relying party is not the authority for the
information provided. Signing the request has no effect on this issue.

The IdP does not need to trust the portable identifier given. An RP
will not honor a claim about an identifier whose discovery information
does not match, since it *must* check to make sure it matches *in any
case*. Even if bad information was sent in the request *and the IdP
did not verify it*, the relying party will reject the (bogus)
assertion from the IdP because it does not match the discovered
information for the portable identifier.

Your attack fails.

> I was showing a potential attack vector where even though I think I
> have resolved the issue, it is not resolved.

I can't figure out what this means. Who has resolved which issue? And how?

Josh
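The RP-side check Josh relies on, written out as an added example that is not part of the original thread: the RP re-discovers the portable identifier named in an assertion and honors the assertion only if the IdP endpoint and IdP-local identifier it discovers match what the IdP asserted. The discovery table, URLs and field names (claimed_id, idp_endpoint, local_id) are constructed assumptions in OpenID-style terminology.

```python
# Constructed discovery table (hypothetical values, not from the thread):
# portable identifier -> (IdP endpoint, identifier the IdP knows the user by).
DISCOVERED = {
    "https://alice.example.net/": ("https://idp.example.org/auth",
                                   "https://idp.example.org/u/alice"),
    "https://bob.example.net/": ("https://idp.example.org/auth",
                                 "https://idp.example.org/u/bob"),
}


def discover(identifier):
    """Stand-in for the RP's own discovery; a real RP fetches the identifier."""
    return DISCOVERED.get(identifier)


def rp_accepts(assertion):
    """Return True only if the assertion matches what the RP itself
    discovers for the portable identifier it names. Whether the IdP
    trusted the discovery data in the request plays no part here."""
    found = discover(assertion["claimed_id"])
    if found is None:
        return False  # unknown identifier: nothing to compare against
    endpoint, local_id = found
    return (assertion["idp_endpoint"] == endpoint
            and assertion["local_id"] == local_id)


# Honest flow: the IdP asserts the identifier it actually authenticated.
HONEST = {"claimed_id": "https://alice.example.net/",
          "idp_endpoint": "https://idp.example.org/auth",
          "local_id": "https://idp.example.org/u/alice"}

# Bad request information, constructed: the claimed identifier was changed
# to bob's before the request reached the IdP, which did not verify it and
# asserted bob's identifier for the account it really authenticated (alice's).
BOGUS = {"claimed_id": "https://bob.example.net/",
         "idp_endpoint": "https://idp.example.org/auth",
         "local_id": "https://idp.example.org/u/alice"}

if __name__ == "__main__":
    print(rp_accepts(HONEST))  # True
    print(rp_accepts(BOGUS))   # False: re-discovery of bob's identifier disagrees
```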


