- From: Alan Karp <alanhkarp@gmail.com>
- Date: Wed, 16 Dec 2020 09:01:35 -0800
- To: "Joosten, H.J.M. (Rieks)" <rieks.joosten@tno.nl>
- Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
- Message-ID: <CANpA1Z33AUL1dquQGZ8zh0unoD99Q_6Ghg+HfFSA7j2PaTrSNw@mail.gmail.com>
AM Joosten, H.J.M. (Rieks) <rieks.joosten@tno.nl> wrote:

> @Alan Karp:
>
> - I agree that the SP would need to know the permissions. However, I'm particularly interested to find out about cases where actual authentication of both people/identities is in play: where the SP would not only need to ensure that the one presenting the credential is one of the people mentioned in that credential, but also that the person that does not present the credential is actually present in the company of the first.

It's important to remember that people can share private keys. That means you can never know who, only who to hold responsible. Physical presence is very hard to prove online. One trick is to use the speed of light. Send a nonce to Alice, have her hand it to Bob, and have Bob send the nonce back to you. Assuming you know the transmission time to Alice (a huge assumption), you can figure out if she is close to Bob. As flaky as this sounds, something like it has been used to protect data centers from remote attacks.

> - Can you clarify what you mean with 'confused deputy vulnerability' – I have no clue what you mean but would really like to understand.

The Wikipedia page, https://en.wikipedia.org/wiki/Confused_deputy_problem, has a good description, and Norm Hardy's paper cited there is a fun read. It turns out that there are many confused deputy vulnerabilities, things like cross-site request forgery. I also recommend http://waterken.sourceforge.net/aclsdont/current.pdf.

--------------

Alan Karp
Received on Wednesday, 16 December 2020 17:02:00 UTC
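
The nonce round trip described in the message above, sketched as a verifier-side timing check (an added example, not part of the original message or of any project it mentions). The class, method and parameter names are hypothetical, and the sketch assumes the one-way time to Alice is known exactly and that no signal travels faster than light in vacuum.

```python
import hmac
import secrets

C_M_PER_S = 299_792_458  # speed of light in vacuum; real links are slower


class ManualClock:
    """Constructed clock for the demonstration; use time.monotonic in practice."""
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t


class ProximityVerifier:
    """Sends a nonce towards Alice and times its return from Bob."""

    def __init__(self, one_way_to_alice_s, max_separation_m, clock):
        self.one_way_to_alice_s = one_way_to_alice_s  # assumed known (the "huge assumption")
        self.max_separation_m = max_separation_m
        self.clock = clock
        self._pending = {}  # outstanding nonce -> send time

    def challenge(self):
        nonce = secrets.token_bytes(16)  # unpredictable, so it cannot be sent back early
        self._pending[nonce] = self.clock()
        return nonce

    def verify(self, echoed):
        """Return (accepted, upper bound in metres on the Alice-Bob distance)."""
        now = self.clock()
        for nonce in list(self._pending):
            if hmac.compare_digest(nonce, echoed):
                sent = self._pending.pop(nonce)  # single use: a replay finds nothing
                # Time left after the nonce reached Alice. It covers both the
                # hand-off to Bob and Bob's reply, so the bound is conservative.
                budget_s = now - sent - self.one_way_to_alice_s
                if budget_s < 0:
                    return (False, None)  # faster than the baseline allows: baseline is wrong
                bound_m = C_M_PER_S * budget_s
                return (bound_m <= self.max_separation_m, bound_m)
        return (False, None)  # unknown or already used nonce
```

The check bounds where the echoed nonce could have been, not who held it: as the message notes, shared keys mean the result says whom to hold responsible, not who was present.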