No subject
Tue Apr 24 11:52:11 UTC 2007
verify the RP during the association request, so that the association
handle is only returned after the RP has been verified.
Thanks!
Allen
> It seems that this methodology only works if either:
> 1) Every site (RP or proxy) publishes their return_to endpoints or that
> they don't have any.
> 2) An OP refuses to let the user login to a RP which doesn't publish
> their return_to endpoint.
>
> I'm unconvinced that either of those situations will actually become
> prevalent and thus worried about the effectiveness of this methodology.
>
> Using the same example from IIW, I am logging into
> http://evilrp.com/return_to which is proxying itself through
> http://www.google.com/translate/. If my OP were to prompt me, "We're
> unable to verify the site
> (http://www.google.com/translate/?http://evilrp.com/return_to) you're
> logging into, you should use caution when proceeding" I'm unsure how
> many users would actually not proceed, or rather see "google.com" and
> decide it is alright.
>
> I guess since we're unable to fully resolve this issue from a technical
> perspective, and no I don't have a better technical solution, I'm
> wondering if this should actually be an extension to the core protocol
> versus seeming like a resolution to the problem when it really doesn't
> completely solve it. In some senses I see this as a larger problem
> around trust of Relying Parties.
More information about the specs
mailing list