Yet Another Delegation Thread

Dick Hardt dick at sxip.com
Thu Oct 26 13:46:07 UTC 2006


On 25-Oct-06, at 11:27 AM, Boris Erdmann wrote:

> On 10/25/06, Dick Hardt <dick at sxip.com> wrote:
>> On 25-Oct-06, at 8:57 AM, Drummond Reed wrote:
>>
>>> 2) Since the RP has to do discovery on the Claimed Identifier anyway, if it
>>> discovers a mapping between the Claimed Identifier and an IdP-Specific
>>> Identifier, the RP can send the IdP-Specific Identifier to the IdP and save
>>> the IdP from having to repeat discovery.
>>
>> unfortunately that disco information could be modified en route, so
>> the IdP can't trust it
>
> Right: IdP will never be able to trust it, since the claimed ID could
> be faked to a URL, which provides valid "looking" discovery.
>
> But IdP is free to implement some "heuristics" to verify
> validity: E.g. users could be presented a dialog like:
>
> ======================================
> "RP X" asks for checking against
> "yourclaimedID" which they think is associated with
> "yourIDwithus" with us, "wonderIdP" that is.
>
> Is the provided information correct?
>
> [  ] register the triple (RP X, yourclaimedID, yourIDwithus)
>      for automatic verifying in the future
>
> [  ] register the tuple (yourclaimedID, yourIDwithus)
>      for automatic verifying in the future (don't bother me mode)
>
> [  ] don't collect this kind of data, I hate that.
>      Trust any RP -- I know it's less secure, but I know what I do.
>
> [ yes, go ahead ]  [ no, cancel ]
> ======================================
>
> This way IdP can check back with the user and
> learn to trust certain RPs.

It is not necessarily the RP that is the issue. The request is not  
signed, so may be modified.

Additionally, why ask the user when the IdP can do it?
