Re: [GNAP] Defense protection
Adrian Gropper <agropper@healthurl.com> Fri, 28 May 2021 19:42 UTC
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Cc: GNAP Mailing List <txauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/ug77E13UILPyNU5zQ2pi8skPUvI>
Hi Kathleen,

I am not aware of the attacks on SAML and OAuth and would appreciate a link or two.

I hope we can provide guidance on how GNAP can facilitate Zero Trust Architecture and believe that includes guidance on how to audit various things as systems use GNAP protocols to separate concerns among independent actors.

Count me in for a brainstorming session,

- Adrian

On Fri, May 28, 2021 at 3:29 PM Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> wrote:

> Hello!
>
> In light of recent attacks against SAML and OAuth, I'd like to see what defense mechanisms and detection could be built into the spec. One example would be from the recent SAML attack. If there was a detection of instances of authorization without authentication, the SAML attack used in SolarWinds might have been detected sooner.
>
> If you think along the lines of fraud detection, where you detect unusual events, there may be some specific to GNAP that could enable early detection of abuse, misuse, or exploits.
>
> Are there some planned? Would people like to brainstorm on this?
>
> Thanks!
>
> --
>
> Best regards,
> Kathleen
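An added illustration of the detection idea raised in the quoted message (authorization without authentication); it is not part of the thread or of any GNAP draft. The event fields (`authn_id`, `grant`, `subject`), the sample log entries and the 8-hour age limit are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events; field names are hypothetical, not taken from GNAP, SAML or OAuth.
AUTHN_EVENTS = [  # logged by the identity provider / authorization server at login
    {"ts": "2021-05-28T10:00:00", "subject": "alice", "authn_id": "a-1"},
    {"ts": "2021-05-28T10:05:00", "subject": "bob", "authn_id": "a-2"},
]
AUTHZ_EVENTS = [  # logged where a grant or assertion is accepted
    {"ts": "2021-05-28T10:00:05", "subject": "alice", "authn_id": "a-1", "grant": "g-1"},
    {"ts": "2021-05-28T10:06:00", "subject": "bob", "authn_id": "a-9", "grant": "g-2"},    # unknown authn_id
    {"ts": "2021-05-28T11:30:00", "subject": "carol", "authn_id": None, "grant": "g-3"},   # no authn reference
    {"ts": "2021-05-28T23:00:00", "subject": "alice", "authn_id": "a-1", "grant": "g-4"},  # authn too old
    {"ts": "2021-05-28T10:07:00", "subject": "alice", "authn_id": "a-2", "grant": "g-5"},  # subject mismatch
]

MAX_AUTHN_AGE = timedelta(hours=8)  # assumed policy value


def _ts(value):
    return datetime.fromisoformat(value)


def find_unbacked_authorizations(authn_events, authz_events, max_age=MAX_AUTHN_AGE):
    """Return (grant, reason) for each authorization with no valid authentication behind it."""
    authn_by_id = {e["authn_id"]: e for e in authn_events}
    findings = []
    for ev in authz_events:
        authn = authn_by_id.get(ev["authn_id"])
        if ev["authn_id"] is None:
            reason = "no authentication reference"
        elif authn is None:
            reason = "authentication event not found"
        elif authn["subject"] != ev["subject"]:
            reason = "subject mismatch"
        elif _ts(ev["ts"]) < _ts(authn["ts"]):
            reason = "authorization precedes authentication"
        elif _ts(ev["ts"]) - _ts(authn["ts"]) > max_age:
            reason = "authentication too old"
        else:
            continue  # authorization is backed by a matching, recent authentication
        findings.append((ev["grant"], reason))
    return findings


if __name__ == "__main__":
    for grant, reason in find_unbacked_authorizations(AUTHN_EVENTS, AUTHZ_EVENTS):
        print(f"ALERT grant={grant}: {reason}")
```

The check only works if the authentication and authorization logs are collected from independent components, so that a forged assertion cannot also supply its own matching login record.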