[OpenID] OpenID Providers Invited to Join in an NSTIC Pilot Proposal

Peter Williams home_pw at msn.com
Tue Feb 14 20:13:31 UTC 2012


Typically, the PC (and thus the browser, of any vendor) is regarded as untrusted - in the assurance controls world.

First, the home PC controlled by the user (who is also not considered a trustworthy agent, formally, even when managing his/her OWN identity/attributes (!) ). Yes, this distinguishes between trust and trustworthiness. Only the cloud vendors are trusted, to gauge trustworthiness. The subscriber is NOT trustworthy, per se, and his/her equipment is usually unmanaged. Only other vendors are trustworthy as measured against a common standard, and a common auditing standard. This is the whole "certification and accreditation" line of attack, not seen since the world of comsec controls and CCI equipment died (outside military circles) in the mid 90s.

In a mandatory security/audit world (nominally addressing the end-to-end privacy problem issue), one cannot have an untrustworthy component contaminate the assurance between IDP and RP. It's a lowest-common-assurance-level definition, and the PC brings the assurance level down to zero - since the user goes and installs some PC proxy that intercepts and sends it to an RP that is NOT on the IDP's governance list.

So bearer tokens are fine for web SSO, but not attribute exchange, under formal assurance doctrine. If there is end-to-end token encryption (and not 2 TLS tunnels connected at a PC) as in SAML2, the user/PC has little opportunity to interfere.
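The contrast drawn in this post, between an assertion that is integrity-protected and audience-bound end to end by the IDP and a bare bearer token that the RP simply trusts on its own TLS hop, can be shown with a small simulation. This is an added example, not code from the post or from any OpenID or SAML implementation: an HMAC over the serialized assertion stands in for the SAML2 XML signature (a real IDP signs with its private key and the RP verifies with the IDP's public key), the shared key and the attribute values are constructed demo data, and the "PC proxy" function models the untrusted endpoint between the two TLS tunnels rewriting what passes through it.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key; stands in for the IDP's signing key / RP's verification key.
IDP_RP_KEY = b"constructed-demo-key-shared-by-idp-and-rp"


def _encode(data):
    """Canonical serialization so signer and verifier see identical bytes."""
    return json.dumps(data, sort_keys=True, separators=(",", ":")).encode()


def issue_assertion(subject, attributes, audience, key=IDP_RP_KEY):
    """IDP side: bind subject, attributes and the intended RP together and sign them.
    The signature covers the audience, so the assertion cannot be re-pointed at
    another RP without the IDP's key."""
    payload = _encode({"sub": subject, "attrs": attributes, "aud": audience})
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": base64.b64encode(payload).decode(), "sig": tag}


def verify_assertion(assertion, expected_audience, key=IDP_RP_KEY):
    """RP side: return the assertion contents only if the signature verifies
    and the assertion was issued for this RP; otherwise None."""
    payload = base64.b64decode(assertion["payload"])
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["sig"]):
        return None
    data = json.loads(payload)
    if data.get("aud") != expected_audience:
        return None
    return data


def untrusted_pc_proxy(assertion, new_attrs=None, new_aud=None):
    """Models the user's PC sitting between the two TLS tunnels: it can read
    and rewrite the message, but it does not hold the IDP's key, so the
    original signature is all it can forward."""
    data = json.loads(base64.b64decode(assertion["payload"]))
    if new_attrs is not None:
        data["attrs"] = new_attrs
    if new_aud is not None:
        data["aud"] = new_aud
    return {"payload": base64.b64encode(_encode(data)).decode(), "sig": assertion["sig"]}


def accept_bearer_token(token):
    """RP that receives only a bearer token over its own TLS hop: with no
    end-to-end signature or audience binding, it must trust whatever arrives."""
    return json.loads(base64.b64decode(token["payload"]))


def run_demo():
    """Returns a dict of outcomes for the untampered, attribute-rewritten,
    and audience-redirected cases on both the signed and the bearer path."""
    original = issue_assertion("alice", {"role": "user"}, audience="rp.example")
    altered_attrs = untrusted_pc_proxy(original, new_attrs={"role": "admin"})
    redirected = untrusted_pc_proxy(original, new_aud="other-rp.example")
    return {
        "signed_untampered": verify_assertion(original, "rp.example"),
        "signed_attrs_rewritten": verify_assertion(altered_attrs, "rp.example"),
        "signed_redirected": verify_assertion(redirected, "other-rp.example"),
        "bearer_attrs_rewritten": accept_bearer_token(altered_attrs),
    }


if __name__ == "__main__":
    for case, result in run_demo().items():
        print(f"{case}: {'accepted' if result else 'rejected'} -> {result}")
```

On the signed path the RP rejects both the rewritten attributes and the redirected audience, which is the "little opportunity to interfere" property; on the bearer path the RP accepts the rewritten role, which is why the post treats bearer tokens as adequate for web SSO but not for attribute exchange under formal assurance doctrine. Encrypting the assertion to the RP's key, as SAML2 also allows, would additionally stop the PC from reading the attributes; this example demonstrates the integrity and audience half only.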


More information about the general mailing list