Trust/threat model for OpenID

Ben Hyde bhyde at pobox.com
Sat Jul 29 15:27:47 UTC 2006


David - I'm not familiar with a BAN analysis. Does it have anything
to say about, just to pick something at random - that OpenID enables
two service providers to gossip about the user behind his back? Since
the user is encouraged to give them both the same identity URL it's
easy for them to trade user models (account data) with each other.

On Jul 28, 2006, at 10:51 AM, David Strauss wrote:

> Yes, I've done such an analysis. I used what's called "BAN logic."
> It's a formal academic notation for analyzing security protocols and
> whether their assumptions (of various types) are justified.
>
> The biggest hole is when the identity URL page is fetched without SSL
> (or any other signing protocol).
>
> I have a half-written paper on the BAN analysis I performed. I'll
> finish it if anyone's interested.
>
> David Strauss
>
> Gabe Wachob wrote:
>> Has someone written up a trust/security model for OpenID (i.e. who
>> trusts who for what, and what the threats are to the parties
>> involved?)
>>
>> I'm not sure what assumptions are being made about the participating
>> parties so I'm not terribly comfortable assessing its use for a
>> variety of environments other than things like SSO to livejournal for
>> posting comments ;-)
>>
>> TIA
>>
>>    -Gabe
>>
>
>