web services security and federated identity management · zurich research laboratory march 8, 2005...
TRANSCRIPT
![Page 1: Web Services Security and Federated Identity Management · Zurich Research Laboratory March 8, 2005 Web Services Security and Federated Identity Management Birgit Pfitzmann, bpf@zurich.ibm.com](https://reader034.vdocument.in/reader034/viewer/2022042414/5f2eee984e6cf510090e7329/html5/thumbnails/1.jpg)
Zurich Research Laboratory
March 8, 2005 www.zurich.ibm.com
Web Services Security and Federated Identity Management
Birgit Pfitzmann, bpf@zurich.ibm.com, and Thomas Gross
2
Zurich Research Laboratory
Web Services Security and Federated Identity Management © 2002-5 IBM Corporation
Federated Identity Management (FIM)

• Roles
• Exchange – Possible? Allowed? Efficient?
• Collection, recognition – Allowed? Efficient? Verified?
What’s New?

|                          | Scientifically                                    | Standards                                                               | Management                                            |
|--------------------------|---------------------------------------------------|-------------------------------------------------------------------------|-------------------------------------------------------|
| Federated provisioning   | Nothing. (Event-based directory integration)      | XML-based. (DSML, SPML, WS-Provisioning)                                | More liability and privacy issues                     |
| Federated single sign-on | Pure browser case. (Else 3-party authentication)  | SAML, Liberty, WS-Fed Passive. Also WS versions. Also more attributes.  | More liability and privacy issues. Metadata exchange. |
Literature

• Kormann/Rubin 00: Passport problems
• Pfitzmann/Waidner 02 etc.: Privacy
• Pfitzmann/Waidner 02, Gross 03: Liberty and SAML problems
• Gordon et al.: WS protocols, but not FIM
• Gross/Pfitzmann 04: Positive analysis of WSFPI
Attack Example: SAML Artifact Profile

Parties: U (user), B (browser), D (destination site), S (source site). Normal message flow of the SAML browser/artifact profile:

0. U browses via B; a redirect brings B to S
1a. S authenticates U
2. S redirects B to D, with the artifact in the URL
3. B → D: GET ... & artifact
4. D → S: SAML Request with the artifact (back channel D↔S)
5. S → D: SAML Response carrying the assertion
6. D → B: result page
A Multi-Layer Vulnerability

Same parties as above. The attacker controls the network between D and S and can read any non-SSL connection of B:

1a. S authenticates U
2. S redirects B to D, with the artifact in the URL
3. B → D: GET ... & artifact
   Attacker interrupts the channel D↔S, so D cannot resolve the artifact (steps 4/5 never reach S); the one-time artifact therefore stays unconsumed at S
6. D → B: error page with a non-SSL link; the artifact URL is still B's current location
7. U follows the link
7a. B: GET non-SSL page, HTTP Referer: URL w/ artifact (sent in cleartext)
   Attacker gets the artifact from the Referer header
   Attacker impersonates U at D: once D↔S is allowed to work again, the attacker presents the artifact to D (repeating step 3) and receives U's result page
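The attack chain on this slide, played through in a small Python model (an added example, not code from the talk or from the Gross 03 paper). Every host name, the user `alice`, the form of the error page and the `redirect_on_error` hardening are constructed for this example; the browser is modelled as sending its current URL as `Referer` on every navigation, which is the behaviour the attack relies on. The hardening shown is one choice of mine, not a recommendation from the slides: D answers a failed artifact resolution with a redirect to an artifact-free URL before rendering anything, so no later `Referer` can carry the artifact.

```python
import secrets
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit


class SourceSite:
    """S: authenticates U and issues a one-time artifact (steps 1a, 2, and 4/5)."""

    def __init__(self) -> None:
        self._pending: dict[str, str] = {}      # artifact -> user id, until resolved once

    def login_and_redirect(self, user: str, target: str) -> str:
        art = secrets.token_urlsafe(16)
        self._pending[art] = user
        # step 2: redirect B to D's artifact receiver; the artifact travels in the URL
        return "https://d.example/acs?" + urlencode({"TARGET": target, "SAMLart": art})

    def resolve(self, art: str) -> Optional[str]:
        # steps 4/5: SAML Request with the artifact -> assertion; the artifact is consumed
        return self._pending.pop(art, None)


class Network:
    """Attacker position: can cut the D<->S back channel and read every non-SSL request."""

    def __init__(self) -> None:
        self.cut_backchannel = False
        self.captured_referers: list[str] = []

    def backchannel(self, s: SourceSite, art: str) -> Optional[str]:
        if self.cut_backchannel:
            raise ConnectionError("D<->S interrupted")
        return s.resolve(art)

    def observe(self, url: str, headers: dict[str, str]) -> None:
        if urlsplit(url).scheme == "http" and "Referer" in headers:
            self.captured_referers.append(headers["Referer"])


class DestinationSite:
    """D: receives the artifact (step 3) and resolves it over the back channel."""

    # error page with a non-SSL link, as on the slide (constructed URL)
    ERROR_PAGE = {"status": 503, "user": None, "link": "http://d.example/help"}

    def __init__(self, s: SourceSite, net: Network, redirect_on_error: bool) -> None:
        self.s, self.net, self.redirect_on_error = s, net, redirect_on_error

    def acs(self, url: str) -> dict:
        art = parse_qs(urlsplit(url).query).get("SAMLart", [None])[0]
        if art is None:
            return {"status": 400, "user": None}
        try:
            user = self.net.backchannel(self.s, art)
        except ConnectionError:
            if self.redirect_on_error:
                # hardening chosen for this example (assumption, not from the talk): move B to an
                # artifact-free URL before serving any page, so no later Referer can carry it
                return {"status": 303, "user": None, "location": "https://d.example/error"}
            return dict(self.ERROR_PAGE)           # step 6: artifact still in B's location bar
        if user is None:
            return {"status": 403, "user": None}   # unknown or already-consumed artifact
        return {"status": 200, "user": user}       # result page, logged in as user


class Browser:
    """B: sends its current URL as Referer on every navigation, the behaviour the attack relies on."""

    def __init__(self, net: Network) -> None:
        self.net, self.location = net, ""

    def get(self, d: DestinationSite, url: str) -> dict:
        self.location = url
        resp = d.acs(url)
        if resp["status"] == 303:                  # follow the redirect, then load the error page
            self.location = resp["location"]
            resp = dict(d.ERROR_PAGE)
        return resp

    def follow_link(self, url: str) -> None:
        self.net.observe(url, {"Referer": self.location})   # step 7a
        self.location = url


def run_flow(redirect_on_error: bool) -> Optional[str]:
    """Plays the slide's attack; returns who the attacker ends up logged in as at D, or None."""
    s, net = SourceSite(), Network()
    d, b = DestinationSite(s, net, redirect_on_error), Browser(net)
    url = s.login_and_redirect("alice", "https://d.example/app")   # 1a, 2
    net.cut_backchannel = True                                      # attacker interrupts D<->S
    page = b.get(d, url)                                            # 3; D fails 4/5; 6 error page
    b.follow_link(page["link"])                                     # 7, 7a
    net.cut_backchannel = False                                     # attacker lets D<->S recover
    for ref in net.captured_referers:
        if "SAMLart=" in ref:                                       # leaked and still unconsumed at S
            return d.acs(ref)["user"]                               # attacker repeats step 3 at D
    return None
```

`run_flow(False)` reproduces the slide: the attacker's replay at D succeeds because S never saw a resolution request for the artifact, so it is still valid when the attacker presents it. `run_flow(True)` shows why the vulnerability is multi-layer: the protocol, D's page design and the browser's `Referer` handling each contribute, and removing any one link (here, D's leaking URL) breaks the chain.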
What Can We Hope to Prove?

• Vulnerable operational environment
  – Based on passwords
  – Fake-screen attacks easy
  – Browser security assumed
  – OS security assumed
• Identity provider can impersonate user
• Privacy can be good except
  – Not anonymity AND certified attributes
  – Id supplier learns trail of id consumer URIs

Here: secure channel establishment under appropriate operational assumptions
Privacy Overview

• "Standard" implication: attributes about a person P are only given to an organization O, used there, or forwarded with P's consent
  – Explicit privacy policy for attributes (exceptions by law)
• Special cases:
  – Attribute = ID ⇒ Multiple roles
  – Attribute = URL ⇒ Traffic privacy
  – O = wallet holder ⇒ Allow multiple wallets, in particular local wallets
The WSFPI Protocol – Basis for a Proof

WS-Federation builds on HTTPS, security tokens and the other WS-Sec* specifications, and comes in two variants: WS-Fed Passive (browser requestors) and WS-Fed Active (web-service requestors). WSFPI ≈ the Interop Profile of WS-Fed Passive, i.e., the concrete message exchange the proof covers.
Proof Challenges

• Browsers and users
  – Browser as protocol party: restricted abilities
  – User also a protocol party: a zero-footprint browser contains no identity
  – Browser and user might leak "protocol-internal" secrets
• Modularity, e.g., use of secure channels and SAML tokens
• Standard-style presentations
  – We prove a rigorous instantiation
WSFPI: Correct Message Flow

Parties: U (user), B (browser), S (identity supplier), C (identity consumer), following the "id supplier / id consumer" wording of the earlier slide. Step numbers as on the slide.

0. U browses to C via B
4. C → B: Redirect(URI_S, (wa, wtrealm, [wreply, wctx, wct]))
5. B ↔ S: secure channel; S authenticates U
6. S → B: POSTForm(a', (wresult, [wctx])), with a' := wreply or wtrealm and wresult := sign(name_S, (URI_S, URI_C, id_U))
7. B → C: POST (the form is submitted to a')
   C: Verify ...
10. C → B: Response
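Steps 4 to 7 of this flow as a small Python model of both sides, added here as an example; it is not code from the talk or from the WS-Federation specifications. S's signature over (URI_S, URI_C, id_U) is replaced by an HMAC under a constructed key shared by S and C, so that the block runs with the standard library alone (in WSFPI the token is signed by S and verified with S's certificate, and C cannot forge it); `wct` is not handled. The host names, the user `alice` and the two rejection cases are constructed. The `wa` value `wsignin1.0` is the one WS-Federation defines for sign-in. One check goes beyond the slide and is my assumption: S accepts a `wreply` only if it lies under `wtrealm`, since otherwise the signed result would be delivered to a site other than C.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed key for this example only; stands in for S's signing key (see lead-in).
S_KEY = b"example-only-key-of-identity-supplier-S"


def sign_result(key: bytes, uri_s: str, uri_c: str, id_u: str) -> str:
    """wresult := sign(name_S, (URI_S, URI_C, id_U)) from the slide, encoded as payload.mac."""
    payload = json.dumps({"uri_s": uri_s, "uri_c": uri_c, "id_u": id_u}, sort_keys=True).encode()
    mac = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload).decode() + "." + base64.urlsafe_b64encode(mac).decode()


def verify_result(key: bytes, wresult: str) -> dict:
    payload_b64, mac_b64 = wresult.split(".", 1)
    payload = base64.urlsafe_b64decode(payload_b64)
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, base64.urlsafe_b64decode(mac_b64)):
        raise ValueError("wresult: signature check failed")
    return json.loads(payload)


class IdentitySupplier:
    """S: handles the redirect (step 4) after authenticating U (step 5), builds the form (step 6)."""

    def __init__(self, uri: str, key: bytes, known_realms: set[str]) -> None:
        self.uri, self.key, self.known_realms = uri, key, known_realms

    def signin(self, redirect_url: str, authenticated_user: str) -> tuple[str, dict]:
        q = parse_qs(urlsplit(redirect_url).query)
        if q.get("wa") != ["wsignin1.0"]:
            raise ValueError("unsupported wa")
        wtrealm = q["wtrealm"][0]
        if wtrealm not in self.known_realms:
            raise ValueError("unknown wtrealm")
        # a' := wreply or wtrealm. Added check (assumption, not on the slide): a wreply outside
        # the realm would deliver the token to another site, so only accept one under wtrealm.
        a_prime = q.get("wreply", [wtrealm])[0]
        if not a_prime.startswith(wtrealm):
            raise ValueError("wreply outside wtrealm")
        form = {"wa": "wsignin1.0", "wresult": sign_result(self.key, self.uri, wtrealm, authenticated_user)}
        if "wctx" in q:
            form["wctx"] = q["wctx"][0]            # opaque C context, echoed back unchanged
        return a_prime, form


class IdentityConsumer:
    """C: sends the redirect (step 4) and verifies the POSTed wresult (step 7)."""

    def __init__(self, realm: str, s_uri: str, s_key: bytes) -> None:
        self.realm, self.s_uri, self.s_key = realm, s_uri, s_key

    def signin_redirect(self, wctx: str) -> str:
        return self.s_uri + "?" + urlencode({"wa": "wsignin1.0", "wtrealm": self.realm, "wctx": wctx})

    def consume(self, posted_to: str, form: dict) -> str:
        if not posted_to.startswith(self.realm):
            raise ValueError("form posted outside this realm")
        data = verify_result(self.s_key, form["wresult"])
        # the signed triple binds the token to one S and one C: refuse tokens minted for another realm
        if data["uri_s"] != self.s_uri:
            raise ValueError("wresult not from the expected S")
        if data["uri_c"] != self.realm:
            raise ValueError("wresult issued for a different consumer")
        return data["id_u"]


def supplier_accepts(s: IdentitySupplier, redirect_url: str) -> bool:
    try:
        s.signin(redirect_url, "alice")
        return True
    except ValueError:
        return False


def consumer_accepts(c: IdentityConsumer, posted_to: str, form: dict) -> Optional[str]:
    try:
        return c.consume(posted_to, form)
    except ValueError:
        return None


def run_signin() -> str:
    """Honest run of steps 4-7 between one S and one C; returns the id_U that C accepts."""
    s = IdentitySupplier("https://s.example/sts", S_KEY, {"https://c.example/", "https://other.example/"})
    c = IdentityConsumer("https://c.example/", s.uri, S_KEY)
    redirect = c.signin_redirect(wctx="/app")              # step 4
    a_prime, form = s.signin(redirect, "alice")           # steps 5, 6
    return c.consume(a_prime, form)                       # step 7, C: verify
```

The point of signing the triple rather than just id_U is visible in `consume`: a result minted for `https://other.example/` and posted to `https://c.example/` fails the URI_C check, so a consumer cannot reuse a token it received to log in as U elsewhere. The `wreply` check in `signin` is the supplier-side counterpart, keeping the signed form from being posted outside C's realm in the first place.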
Structure of the Proof

• Trust scenario
• Security assumptions
• Submodules
• Precise protocol definition
• Proof of secure channel establishment
Summary and Outlook

• FIM: 3-party authentication, often with attribute exchange
• First protocol proof exists
• Next steps:
  – Relate assumptions to more detailed browser and user models
  – Use such models as criteria for browser evaluation
• Privacy:
  – Protocols can achieve privacy with 2 exceptions
  – For private use, GUI and policies equally important