[GNAP] Defense protection

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Fri, 28 May 2021 19:29 UTC

Message-ID: <CAHbuEH49sZjKvE0JVsa39WuFG83FbBcQQAyXH-V8TNGt-b-wtw@mail.gmail.com>
To: GNAP Mailing List <txauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/doLlMiXHrovo-W-3NMQcbWYpT0U>

Hello!

In light of recent attacks against SAML and OAuth, I'd like to see what
defense mechanisms and detection could be built into the spec.  One example
would be from the recent SAML attack.  If there was a detection of
instances of authorization without authentication, the SAML attack used in
SolarWinds might have been detected sooner.

If you think along the lines of fraud detection, where you detect unusual
events, there may be some specific to GNAP that could enable early
detection of abuse, misuse, or exploits.

Are there some planned?  Would people like to brainstorm on this?
Thanks!

-- 

Best regards,
Kathleen
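As an added illustration of the detection idea raised in the message (this is example code, not from the GNAP drafts or from the author): a toy check over constructed authorization-server events that flags token grants with no preceding authentication of the same subject and session. The event field names and the 30-minute freshness window are assumptions.

```python
"""Toy detector for "authorization without authentication" events.
The sample log below is constructed for illustration; the field names
(ts, type, subject, session, grant) are assumed, not GNAP-defined."""
from datetime import datetime, timedelta

# Constructed sample log: the AS records completed user authentications
# ("auth") and access-token issuances ("token") per subject and session.
SAMPLE_EVENTS = [
    {"ts": "2021-05-28T12:00:00", "type": "auth",  "subject": "alice", "session": "s1"},
    {"ts": "2021-05-28T12:00:05", "type": "token", "subject": "alice", "session": "s1", "grant": "g1"},
    # bob's session s9 never authenticated: this is the anomaly to catch.
    {"ts": "2021-05-28T12:10:00", "type": "token", "subject": "bob",   "session": "s9", "grant": "g2"},
    # alice's session s1 re-issues a token 90 minutes after her last login.
    {"ts": "2021-05-28T13:30:00", "type": "token", "subject": "alice", "session": "s1", "grant": "g3"},
]


def _parse(ts: str) -> datetime:
    return datetime.fromisoformat(ts)


def find_unauthenticated_grants(events, max_age=timedelta(minutes=30)):
    """Return grant ids issued without an authentication of the same
    subject+session within max_age (assumed window) before issuance.
    Events are sorted by timestamp so ordering in the input does not matter."""
    last_auth = {}   # (subject, session) -> time of most recent authentication
    flagged = []
    for ev in sorted(events, key=lambda e: _parse(e["ts"])):
        key = (ev["subject"], ev["session"])
        now = _parse(ev["ts"])
        if ev["type"] == "auth":
            last_auth[key] = now
        elif ev["type"] == "token":
            seen = last_auth.get(key)
            # Flag if no authentication was ever seen, or it is too old.
            if seen is None or now - seen > max_age:
                flagged.append(ev["grant"])
    return flagged


if __name__ == "__main__":
    print("suspicious grants:", find_unauthenticated_grants(SAMPLE_EVENTS))
```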