- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Mon, 07 Dec 2015 22:50:35 -0500
- To: Tony Arcieri <bascule@gmail.com>, Dave Longley <dlongley@digitalbazaar.com>
- CC: Web Payments IG <public-webpayments-ig@w3.org>, Credentials CG <public-credentials@w3.org>

On 12/07/2015 10:16 PM, Tony Arcieri wrote:
> All that said: multiprincipal (3+) authorization decisions are an
> extremely difficult problem. Failure to solve the problem correctly
> gave us such attacks as CSRF and SAML confused deputy attacks where
> users are either authorized for the wrong audience or an audience
> misinterprets claims intended for a different audience.

Hey Tony, I've been following the discussion closely and would like to have a far more in depth discussion with you about what this Verifiable Claims Task Force work is about. Primarily because I think that you and the VCTF are after the same thing and have the same concerns about attacks on systems that are deployed presently.

We're planning on bringing together experts in the field to help us refine the problem statement and how we go about solving the problem. We could also benefit from your experience in the space.

Do you have availability next week to dive into this in depth with us on the phone? If not then, what about the beginning of next year (after the holiday break)?

-- manu

--
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Web Payments: The Architect, the Sage, and the Moral Voice
https://manu.sporny.org/2015/payments-collaboration/

Received on Tuesday, 8 December 2015 03:51:03 UTC