shibboleth-dev - Re: Attribute Queries in Shib 2
Subject: Shibboleth Developers
List archive
- From: Ian Young <>
- To:
- Subject: Re: Attribute Queries in Shib 2
- Date: Mon, 09 Jul 2007 15:25:19 +0100
- Openpgp: id=EA2882BB
Chad La Joie wrote:
> Whether encryption is used is unrelated. If you provide an encryption
> key it will, be default, encrypt; if you don't, it won't.
I was afraid you'd say that.
> I personally feel that the concerns about front-channel, unencrypted,
> attribute push are spurious.
I hope to convince you to think about this again.
> All the information is being encrypted in
> transit (since it's over SSL/TLS).
Let me say up front that I agree that the front channel *should* be
operating over TLS. I have pushed hard to strongly encourage good
practice in this area in the UK federation.
However, it's not guaranteed. Front channel protocols work just fine
over unencrypted connections, so you can place money on people sometimes
deploying that way, no matter how much you and I might think it is a
terrible idea.
There are 12 http:// AssertionConsumerService/@Locations in the InCommon
metadata, for example (2 in the UK federation, 37 in SWITCH). That's
part of the world your IdP has to operate in, it seems to me, and if you
default to attribute push without taking the SP's capabilities into
account you're making a data spill more likely.
Remember that I'm not saying you can't default intelligently to
attribute push when you know it's safe. It's making that the default
without making the safety check that I think is unwise, because the
world observably doesn't match your stated assumptions.
> The idea that the user seeing their
> attributes being a problem seems silly to me.
Attributes are statements made about the subject by party A for
consumption by party B. I can't see why you'd assume that all such
attributes should be visible to the subject: an opinion (a credit score,
or a medical assessment) or something involving more than one data
subject, for counter-examples.
I'm not saying that people *ought* to move this kind of thing around.
But they will, and they aren't going to remember to change the default
profile in use when they change an ARP.
-- Ian the spuriously concerned
- Attribute Queries in Shib 2, Chad La Joie, 07/05/2007
- RE: Attribute Queries in Shib 2, Scott Cantor, 07/05/2007
- Re: Attribute Queries in Shib 2, Ian Young, 07/09/2007
- Re: Attribute Queries in Shib 2, Tom Scavo, 07/09/2007
- Re: Attribute Queries in Shib 2, Ian Young, 07/09/2007
- Re: Attribute Queries in Shib 2, Chad La Joie, 07/09/2007
- Re: Attribute Queries in Shib 2, Tom Scavo, 07/09/2007
- RE: Attribute Queries in Shib 2, Scott Cantor, 07/09/2007
- Re: Attribute Queries in Shib 2, Ian Young, 07/09/2007
- Re: Attribute Queries in Shib 2, Chad La Joie, 07/09/2007
- Re: Attribute Queries in Shib 2, Ian Young, 07/09/2007
- Re: Attribute Queries in Shib 2, Chad La Joie, 07/09/2007
- RE: Attribute Queries in Shib 2, Scott Cantor, 07/09/2007
- Re: Attribute Queries in Shib 2, Jim Fox, 07/09/2007
- Re: Attribute Queries in Shib 2, Ian Young, 07/09/2007
- Re: Attribute Queries in Shib 2, Chad La Joie, 07/09/2007
- Re: Attribute Queries in Shib 2, Ian Young, 07/09/2007
- Re: Attribute Queries in Shib 2, Tom Scavo, 07/09/2007
Archive powered by MHonArc 2.6.16.