IETF Logo Mail Archive

Re: [OAUTH-WG] draft-ietf-oauth-assertions-00

Hannes Tschofenig <Hannes.Tschofenig@gmx.net> Thu, 20 October 2011 20:51 UTC

Return-Path: <Hannes.Tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64D5C21F85D1 for <oauth@ietfa.amsl.com>; Thu, 20 Oct 2011 13:51:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.444
X-Spam-Level:
X-Spam-Status: No, score=-102.444 tagged_above=-999 required=5 tests=[AWL=0.155, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w3iG4eeKlesk for <oauth@ietfa.amsl.com>; Thu, 20 Oct 2011 13:51:39 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id 52B5A21F86FF for <oauth@ietf.org>; Thu, 20 Oct 2011 13:51:39 -0700 (PDT)
Received: (qmail invoked by alias); 20 Oct 2011 20:51:34 -0000
Received: from unknown (EHLO [10.2.2.99]) [64.9.249.121] by mail.gmx.net (mp072) with SMTP; 20 Oct 2011 22:51:34 +0200
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX188LeBdLcQ8cZwgm+Q43SEarWr0l4F2buHRhrGLbm 38sWSUu9oeedh3
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739435C24DBE4@TK5EX14MBXC283.redmond.corp.microsoft.com>
Date: Thu, 20 Oct 2011 13:51:31 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <71635468-71D7-4A50-9201-264EA23956F6@gmx.net>
References: <4731B0D6-6898-4A41-9B03-25222E967A8C@gmx.net> <4E1F6AAD24975D4BA5B16804296739435C24DBE4@TK5EX14MBXC283.redmond.corp.microsoft.com>
To: Mike Jones <Michael.Jones@microsoft.com>
X-Mailer: Apple Mail (2.1084)
X-Y-GMX-Trusted: 0
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] draft-ietf-oauth-assertions-00
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2011 20:51:40 -0000

> FYI, the Assertion ID specified in the Assertion Metamodel is used to prevent replay attacks.

There are various ways to prevent replays and having unique identifiers is one possibility. Timestamps are another one. 
In model 2 for it to work the client would have to request a new assertion from the STS every time before it presents something to the AS. 
While this is theoretically possible I doubt it will be done in practice. Consequently, there will be a certain time window for replay attacks. Depending on the application requirements that may well be fine. 

In model 1 it is very likely that one would do this. In that case, however, the security is similar (but not the same) as the HMAC based spec (when shared secrets and HMACs are used) with the only difference that the HMAC spec is far less verbose than constructing an assertion with self-constructed info. 

Ciao
Hannes

>  
>                                                             -- Mike
>  
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
> Sent: Thursday, October 20, 2011 12:40 PM
> To: OAuth WG
> Subject: [OAUTH-WG] draft-ietf-oauth-assertions-00
>  
> Hi all, 
> 
> at the Internet Identity Workshop this week Barry and I had a chance to meet Chuck, Mike, and Brian to talk about the content of draft-ietf-oauth-assertions-00. 
> 
> The specification provides an abstract description for two features, namely 
> a) assertion usage as client credentials, and
> b) assertion usage as authorization grants
> 
> Let me focus on (a) in this mail. 
> 
> In attempting to judge the security features I noticed that I got the impression that the description could be improved. Here is an attempt to describe the features to see whether other members have the share my understanding.  
> 
> Model 1: Self-Crafted Assertion 
> 
> In this model the client creates an assertion and signs it before sending it to the Authorization Server in a client authentication exchange. ({Assertion}Client means that the Assertion is signed with the private key of the client.)
> Of course, the authorization server has to either know the symmetric key or to be able to verify the digital signature (based on a shared trust anchor, or by trusting the public key itself).
> 
>      +--------+
>      |        | {Assertion}Client  +---------------+
>      |        |------------------->| Authorization |
>      | Client |                    |     Server    |
>      |        |<-------------------|               |
>      |        |                    +---------------+
>      +--------+
> 
> Model 2: STS issued Assertion
> 
> In this model the client obtains an assertion from another entity; we use the term STS here. 
> STS, as the issuer of the assertion, signs it. The client, on the other hand, only passes the assertion forward to the authorization server. 
>                  +--------+
>                  |        |
>                ,>| Secure |
>               /  |  Token |
>             ,' , | Server |
>            /  /  | (STS)  |
>          ,'  /   +--------+
>         /  ,'
>       ,'  /  {Assertion}STS
>      /   v
>    +--------+
>    |        |  {Assertion}STS    +---------------+
>    |        |------------------->| Authorization |
>    | Client |                    |     Server    |
>    |        |<-------------------|               |
>    |        |                    +---------------+
>    +--------+
> 
> Model 3: Co-Signed Assertion
> 
> In this third model STS creates and signs an assertion before it sends it to the client. The client instead of just passing it on to the AS it also uses a secret to sign it. By doing this the client demonstrates that it knows a secret (that is potentially associated with the assertion itself). 
> 
>                  +--------+
>                  |        |
>                ,>| Secure |
>               /  |  Token |
>             ,' , | Server |
>            /  /  | (STS)  |
>          ,'  /   +--------+
>         /  ,'
>       ,'  /  {Assertion}STS
>      /   v
>    +--------+
>    |        | {{Assertion}STS}Client  +---------------+
>    |        |------------------------>| Authorization |
>    | Client |                         |     Server    |
>    |        |<------------------------|               |
>    |        |                         +---------------+
>    +--------+
> 
> From our discussions I understood that Model 1 & 2 are currently in focus of the description but model 3 isn't. The security properties for model 1 and model 2 are quite different: in model 2 the provided security is not so much different from the client password mechanism described in Section 2.3.1 of the OAuth core specification. The client essentially sends a secret around. The secret here is the assertion. Without proper protection an adversary who is able to see that assertion is able perform a replay attack. The content of the assertion may allow the replay window to be reduced though. 
> 
> Let me know if your understanding is the same as mine. If so, then I could propose some text on how to get the security claims in the document fixed. 
> 
> Ciao
> Hannes
> 
> 
> 
>

v2.23.0 | Report a Bug | By Email