[Openid-specs-risc] Final security analysis
Windley, Phil
pwindley at amazon.com
Thu Aug 29 19:37:33 UTC 2024
Thanks Shayne. Once approved, where is this made available? Public doc, I presume.
On Aug 29, 2024, at 2:59 PM, Shayne Miel (smiel) via Openid-specs-risc <openid-specs-risc at lists.openid.net> wrote:
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.
Hello working group members. You may recall that earlier this year we engaged a research team from the Institute of Information Security at the University of Stuttgart, Germany to analyze the security properties of the Shared Signals Framework. We are happy to announce that this work has been completed. The final report can be downloaded from this link: https://github.com/user-attachments/files/16762914/2024-08-26_WP4.1b-Report.pdf
As a last step, the working group is being asked to formally approve the report. We will take an official poll during the working group meeting on September 10th. For anyone who is not able to attend, if you wish to voice an opinion, feel free to share it via this email list.
The best way to understand this report is to start with section 4. In that section, the researchers list the security properties that they are proving given the assumptions made in section 2. The appendix contains the formal mathematics of the proofs, and section 3 contains a short list of recommendations unrelated to the proofs.
Please let me know if you have any questions,
Shayne
<Outlook-3hnuuyry.png>
[https://duo.com/assets/img/email/spacer.gif]
Shayne Miel / Principal Engineer (he, him, his)
smiel at cisco.com<mailto:smiel at cisco.com>
(919) 923-6230
cisco.com<https://www.cisco.com/site/us/en/products/security/index.html>
_______________________________________________
Openid-specs-risc mailing list
Openid-specs-risc at lists.openid.net<mailto:Openid-specs-risc at lists.openid.net>
https://lists.openid.net/mailman/listinfo/openid-specs-risc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20240829/f46b8e4a/attachment.html>
More information about the Openid-specs-risc
mailing list