freemen freemen

Niner since 2006


  • Vittorio Bertocci: WS-Trust - Under the Hood

    Thanks Vittorio for the quick answers...although I still need some papers to really understand the "guts of it"

    Is there a public site where the complete cryptographic protocol would be described for review?

    Quoting "Saint Thomas": for the type of things I do, I generally prefer to double check protocols...Big Smile

    Freemen...and also born free Smiley


  • Vittorio Bertocci: WS-Trust - Under the Hood

    Thank you for this Nice session ...very didactic...

    WS trust in indeed interesting as building block...but people using it must know that their work is not finished at security level, the multiparty protocol must still be carefully designed...Smiley

    Examples of things I would think about

    1.In your example regarding the age, how does the "wine seller" know that "22" is really the age of the person submitting the SAML token to him and that the token was not stolen and just sent to him ?

    shouldn't there be a signdrivingdeptprivkey (certificate user, age corresponding to certificate user presented when the user requested assertion from the "drive dept")?

    2. I suppose also that there is a need to have all parties (wine reseller, user, Drive dept) be all securely synchonized with the same time server (in some kind of secure way?) in order to make sure that the signed assertions are all still "fresh" and avoid making the relying party accept old assertions that could have become osbolete?

    3. What about replays of RSR ?