ADFS, SharePoint, and InCommon?
Peter Schober
peter.schober at univie.ac.at
Fri Nov 9 02:12:21 EST 2012
* THIA Jean-Marie <jean-marie.thia at upmc.fr> [2012-11-09 00:47]:
> I am not sure to fully understand what you mean with signature
> verification.
In the most common trust model today any security and trustworthyness
of supplied metadata comes from a cryptographic signature (using
XMLsig) inside the metadata. Without verifying that against a signing
key (e.g. obtained securely OOB or involving PKIX), you're susceptible
to manipulated metadata, which could mean changed encryption keys,
protocol endpoints and required attributes.
> It is easy to check validUntil attribute, but was should be done then...
> Remove, disable the IdP ?
If validUntil for an EntitiesDescriptor is in the past, yes.
It's not about one ("the") IdP though, but all entities within that
EntitiesDescriptor.
> Anyway my intention with the script is that it had to be update to
> each user needs. So I made it very simple.
Not to be criticizing here, but to me that sounds very much like:
I've left implementing security to the deployer. (Which is fine, since
you're free to do or leave out whatever you want, of course!)
I'm just not sure that is going to happen then, as the deployer will
very likely know less about these things as the author.
FEMMA has the exact same problems, IIRC, but by using pysaml2 with it
(as Roland Hedberg had shown was rather simple) you gain the power of
correct and secure metadata handling. But AFAIK this has not been
picked up by the author of FEMMA (or anyone else, for that matter).
-peter
More information about the users
mailing list