W3C home > Mailing lists > Public > public-webpayments-ig@w3.org > December 2015

Re: Verifiable Claims Telecon Minutes for 2015-12-01

From: Manu Sporny <msporny@digitalbazaar.com>
Date: Mon, 07 Dec 2015 22:50:35 -0500
Message-ID: <5666538B.8070600@digitalbazaar.com>
To: Tony Arcieri <bascule@gmail.com>, Dave Longley <dlongley@digitalbazaar.com>
CC: Web Payments IG <public-webpayments-ig@w3.org>, Credentials CG <public-credentials@w3.org>
On 12/07/2015 10:16 PM, Tony Arcieri wrote:
> All that said: multiprincipal (3+) authorization decisions are an 
> extremely difficult problem. Failure to solve the problem correctly 
> gave us such attacks as CSRF and SAML confused deputy attacks where 
> users are either authorized for the wrong audience or an audience 
> misinterprets claims intended for a different audience.

Hey Tony,

I've been following the discussion closely and would like to have a far
more in depth discussion with you about what this Verifiable Claims Task
Force work is about. Primarily because I think that you and the VCTF are
after the same thing and have the same concerns about attacks on systems
that are deployed presently.

We're planning on bringing together experts in the field to help us
refine the problem statement and how we go about solving the problem. We
could also benefit from your experience in the space.

Do you have availability next week to dive into this in depth with us on
the phone? If not then, what about the beginning of next year (after the
holiday break)?

-- manu

Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Web Payments: The Architect, the Sage, and the Moral Voice
Received on Tuesday, 8 December 2015 03:51:03 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:08:47 UTC