Top Banner
Core Assertions Phill Hallam-Baker
28

Core Assertions

Jan 19, 2016

Download

Documents

klaus

Core Assertions. Phill Hallam-Baker. Status. Waiting for use cases to specify problem Can give a price of specific use case features Auth-XML / S2ML / X-TASS / ITML … Whose method is best is not the issue at this point Number of communications absolutely necessary Fewer is better - PowerPoint PPT Presentation
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: Core Assertions

Core Assertions

Phill Hallam-Baker

Page 2: Core Assertions

Status

• Waiting for use cases to specify problem• Can give a price of specific use case features

– Auth-XML / S2ML / X-TASS / ITML …• Whose method is best is not the issue at this point

– Number of communications absolutely necessary• Fewer is better

– Data flow Communication Graph

– Re-use of data structures

Page 3: Core Assertions

Decision Process(Coh-Ad Model)

Divide Decisions into 3 types:1) Nobody cares (very much)

• Tag names, structure nesting etc.

• Everyone has to burn their code anyway

2) Objective design issues• Protocol efficiency etc.

• Discuss

3) Subjective design tradeoff decisions• Identify costs / benefits of alternate approaches

• Send to full group

Page 4: Core Assertions

Data Structures Identified Thus Far

• Assertion– Authenticated statement

• Ticket / Assertion Token– Compact reference to an assertion– Strong cryptographic binding

Page 5: Core Assertions

Parties

Issuer

Client

Relying

May not supportAssertions / SAML

‘64 byte boundary’

‘Distributor’ ‘Enforcer’

Page 6: Core Assertions

Pull Model

Issuer

Client

Relying

Page 7: Core Assertions

V Model

Issuer

Client

Relying

Page 8: Core Assertions

Proxy Model

Issuer

Client

Relying

Page 9: Core Assertions

“Must be a Plumber”

Amalgamated Plumber’s Union

“Alice is a Plumber”

Multiple Issuer Model

Client

RelyingIssuer Issuer

Page 10: Core Assertions

Assertion Data Structure

• Assertion Identifier - URI

• Status– Valid | Invalid | Indeterminate

• Authorization(s)

• Subject Identifier– Authentication Data

• Conditions– Validity Interval

– Other Essential Conditions

• When / how to get an update [Optional]

Page 11: Core Assertions

Authorizations

• Option 1: Shared Vocabulary of Terms– URI – the Web way to do this

• URL – Can identify the actual resource [I.e. AuthZ Decision]– OK to access http://xyz.test/dead_secret.html

• URN – Can encode rights [I.e. Constrained AuthZ Attribute]– Need mechanism to map rights to resources– SAML need not define this [Decoupled]

• Option 2: Private Extension Schema– For data more structured than URN allows

• [I.e. Unconstrained AuthZ Attributes]• <a:AuthData xmlns=“…”> <a:Title>Fat Controller</Title> …

Page 12: Core Assertions

Subject / Authentication Data Identification

• Essential– Bind assertion to authentication data

• ‘Holder of this ticket has these authorizations’• ‘Holder of this public key has these authorizations’• ‘Holder of this account (i.e. reference to password)

has these authorizations’

• Useful (in some circumstances)– Bind assertion to identity

• ‘Alice has these authorizations’

Page 13: Core Assertions

Note on Multiple Issuer Case

• Deliberately avoid committing Assertion structure to particular level of granularity– Leave this to implementation– Does not introduce ambiguity– Reduces number of data structures required– Allows great flexibility

Page 14: Core Assertions

Conditions

Validity Interval– | notBefore notOnOrAfter ]

Audience– Assertion statement may be directed to specific audience– Address the legal issue of relying party problem & good hygiene

Verification Requirement– MUST get positive affirmation per use

Unsupported Condition [Privately defined]– MUST consider assertion status to be Indeterminate– Ensure that applications do not rely on private conditions

Page 15: Core Assertions

Reissue [Optional]

• Specify reissue time & locations– | Earliest Latest ]– Locations

• Used for pull / polling model

• Optional– Issuer does not need to generate– Relying that does not support can ignore

Page 16: Core Assertions

Discrete Increase In Complexity

Session Management Support

“Forced Log Out”

Page 17: Core Assertions

Session Management

• What does it mean for assertion?– Assertion status becomes invalid before expiry

• Why is this a challenging problem?– How to notify parties relying on on assertion

• Efficiency• Robustness• Push or Pull model???

• It is a solved problem however (sort of)– PKIX CRLs / Delta CRLs / Scoped CRLs / OCSP– Don’t invent new mechanism – its probably patented

Page 18: Core Assertions

Push

Issuer Relying

Relying

Relying

Alice is Fired

Revoke AliceAuthorizations

Problem, what ifMessage does notget through?

Page 19: Core Assertions

Pull

Issuer Relying

Relying

Relying

Alice is Fired

Alice OK?

Fired Problem – EfficiencyCan we cache response?Can we aggregate?

Page 20: Core Assertions

X-TASS Meta Assertions

• Identify assertion by URI– Define lexical ordering on URIs

• Meta assertion may specify status of one assertion or a group of assertions– Combine OCSP token and CRL concept– Scope of meta assertion is entirely arbitrary

• Chosen at time meta assertion is generated• C.f. CRL length increases with certificate population

Page 21: Core Assertions

X-TASS Meta Assertion Status List

IndeterminateValidhttp://abc.test/0412

http://abc.test/0134 http://abc.test/0634

http://abc.test/0012

http://abc.test/0145

http://abc.test/0424

http://abc.test/0612

Valid False

Valid

Invalid

Invalid

Invalid

True

True

True

True

http://xyz.test/2832 http://xyz.test/9283 Valid True

Is also an assertion:Specify validity intervalSpecify re-issue schedule

Page 22: Core Assertions

XTASS Status

• Not currently in standards group process– Willing to relinquish change control

– Dependency issues – other specifications will use XTASS framework

• SAML uses 85% of X-TASS feature set– Remaining feature is management of embedded root keys

• Trust root embedded in device is PA

– Secret key SA lives in safe

• Once a year, an online key PB is established

– Delegation Assertion authorizing SB is created

• This feature could be specified in separate group

Page 23: Core Assertions

Ticket

• Means of referencing assertion– Opaque to clients

– Must be capable of embedding in URL, Cookie• 64 bytes 256 bytes with base64 encoding

• Authentication token– The token itself [if always passed over encrypted

channel]

– Data encrypted in token

Page 24: Core Assertions

Typical Ticket Data Items

• Hash of Assertion ID 20 bytes– Need to resolve somehow

• Locator (URL) of Assertion 3264 bytes– Need some compression mechanism

• Account ID 816 bytes– Flag as authenticated / not authenticated

• Validity Interval 10 bytes• Any Assertion Field ??? bytes• Authentication Field 20 bytes

Page 25: Core Assertions

Ticket Encoding Scheme

• Should have one– Probably needs to be flexible

– Must have minimal overhead

• Use ASN.1?– Complex, verbose, Mad, Bad, Dangerous to know

• Binary XML encoding?– Define tag dictionary

– MUST be encoded / decoded using one pass decoder

Page 26: Core Assertions

Possible scheme

• Data Item Encoding– Tag Length Value

• Structure Encoding [if required]– Tag Data End

T EStructure

LT Data LT Data LT Data

Page 27: Core Assertions

Encoding of Tags, Length Values

• Most tags, values encoded in one byte– Unlikely to have > 128 Tags– Unlikely to have data length > 128– But corner cases may require this

• Use MSB to indicate extension status, little-endian– 80 = 0 = 0H

– 81 = 1 = 0H

– FF = 127 = 7FH

– 00 81 = 128 = 00H + 01H•80H

– 7F FF = 16382 = 7FH + 7FH•80H

– Etc. as required

Page 28: Core Assertions

Conclusions

• Have mechanism to meet requirements raised thus far


Related Documents
SystemVerilog Assertions for Clock-Domain-Crossing … 2015 Assertions for CDC_Final.pdf · SystemVerilog Assertions for Clock-Domain-Crossing Data Paths ... and guidelines to manage

SystemVerilog Assertions for Clock-Domain-Crossing … 2015....

Category: Documents
Core Java : Exceptions and assertions

Core Java : Exceptions and assertions

Category: Technology
La2_Modul Exception & Assertions

La2_Modul Exception & Assertions

Category: Documents
2014 GeeCON Custom Assertions

2014 GeeCON Custom Assertions

Category: Software
Security Assertions Markup Language… · Web viewCommittee Specification 01, 31 May 2002. Document identifier: cs-sstc-core-01 (PDF, Word) Location: Editors ...

Security Assertions Markup Language… · Web viewCommittee...

Category: Documents
Chapter 17 Exceptions and Assertions

Chapter 17 Exceptions and Assertions

Category: Documents
SystemVerilog Assertions Handbook · SystemVerilog Assertions Handbook

SystemVerilog Assertions Handbook · SystemVerilog...

Category: Documents
Java cert programmer (assertions)

Java cert programmer (assertions)

Category: Documents
Lec14 SV Assertions

Lec14 SV Assertions

Category: Documents
SystemVerilog Assertions Are For Design Engineers Too! · SNUG San Jose 2006 1 SystemVerilog Assertions for Design Engineers SystemVerilog Assertions Are For Design Engineers Too!

SystemVerilog Assertions Are For Design Engineers Too! ·.....

Category: Documents
Asynchronous Assertions

Asynchronous Assertions

Category: Documents
Assertions, Views and Programming Techniques

Assertions, Views and Programming Techniques

Category: Documents