[SECURITY-14] PE: Disallow Object element in signatures - OASIS Technical Committees Issue Tracker

XML

Word

Printable

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Applied
Affects Version/s: 2.0
Fix Version/s: SAML 2.0 + Approved Errata 05
Component/s: Core
Labels:
None

Proposal:

Hide

Modify SAML Core by inserting a new section 5.4.5:

5.4.5 Object

The <ds:Object> element is not defined for use with SAML signatures, and SHOULD NOT be present. Since it can be used in service of an attacker by carrying unsigned data, verifiers SHOULD reject signatures that contain a <ds:Object> element.

Show
Modify SAML Core by inserting a new section 5.4.5: 5.4.5 Object The <ds:Object> element is not defined for use with SAML signatures, and SHOULD NOT be present. Since it can be used in service of an attacker by carrying unsigned data, verifiers SHOULD reject signatures that contain a <ds:Object> element.
Resolution:

Hide

Resolved as proposed on TC call on Aug 9, 2011:
http://lists.oasis-open.org/archives/security-services/201108/msg00021.html

Show
Resolved as proposed on TC call on Aug 9, 2011: http://lists.oasis-open.org/archives/security-services/201108/msg00021.html

Description

The XML Signature profile in SAML Core doesn't explicitly disallow the use of the <ds:Object> element in signatures, although it's discouraged by implication given the other restrictions imposed. Since the element is often used to carry out wrapping attacks, and its use was never profiled, we should discourage it explicitly.

Attachments

Activity

People

Assignee:

Scott Cantor (Inactive)

Reporter:

Scott Cantor (Inactive)

Watchers:

0 Start watching this issue

Dates

Created:

09/Aug/11 12:13 PM

Updated:

01/Jun/12 3:00 PM

Resolved:

01/Jun/12 3:00 PM