How to Survive the Zombie Apocalypse

Transcription

1 How to Survive the Zombie Apocalypse Ian A. Young SDSS, EDINA, University of Edinburgh FAM10, Cardiff, 06-Oct-2010

2 From an image by Watt_Dabney on Flickr, licensed CC-BY-SA 2.0

3 Quick Answer Buy this book

4 How to Survive Interfederation Ian A. Young SDSS, EDINA, University of Edinburgh FAM10, Cardiff, 06-Oct-2010

5 What to expect Interfederation recap How to protect yourself Understanding trust How to benefit Understanding interoperability

6 Interfederation

7 Bob s Request Alice Bob Alice s Response

8 Alice s Metadata Publish Bob s Metadata Bob s Request Alice Bob Alice s Response

9 Bob s Metadata Exchange Alice s Metadata Bob s Request Alice Bob Alice s Response

10 Bob s Metadata Consume Alice s Metadata Bob s Request Alice Bob Alice s Response

11 Federation Metadata Bob s Metadata Alice s Metadata Bob s Request Alice Bob Alice s Response

12 Oracle Oracle Bob s Metadata Alice s Metadata Bob s Request Alice Bob Alice s Response

13 Fed A metadata Fed B metadata A Alice Bob B

14 Fed A metadata Fed B metadata A B Alice Register Bob

15 Fed A metadata Fed B metadata B A A B Alice Exchange Bob

16 Fed A metadata Fed B metadata B A A B Alice Consume Bob

17 Fed A metadata Fed B metadata A B A B Bob s Request Alice Bob Alice s Response

18 Federation Services A R P Alice

19 RegA

20 Trust Issues

21 We're all friends here. Interfederation Aaargh! Zombie horde!

22 Monolithic Trust Trust Alice Bob

23 This is Bob I like Bob Trust Alice Bob

24 Technical trust Behavioural trust Trust Alice Bob

25 Note, however, that presence in the federation metadata alone should not be taken to imply particular behavioural guarantees. In particular: it is the responsibility of each identity provider to establish appropriate policies for attribute release based on their knowledge of individual service providers; it is the responsibility of each service provider to decide how much trust to place in the attributes presented by an identity provider based on their knowledge of the individual identity provider. UK federation TRP section 4

26 IdP Trust Actions Review default Attribute Release Policy Be selective about what you release Assume that default ARP releases to hostiles Significant attribute release only to specific entities Keyed on entityid These are friendlies

27 SP Trust Actions Don t assume the truth of claims from all entities Assume IdPs are hostile by default Accept claims from: Known entities (keyed on entityid)......where you have a specific basis for behavioural trust (friendlies)

28 Trust Summary TRP section 4 paraphrased: Treat everything as hostile by default If you already do this, nothing needs to change If you don t, you should review IdP and SP policies

29 Interoperability Issues

30 1250 Total Entities Dec 06 May 07 Oct 07 Mar 08 Aug 08 Jan 09 Jun 09 Nov 09 Apr 10 Sep 10 Data: 01-Oct :00:00

31 Metadata Size Expect to have to handle somewhat more metadata Shibboleth 1.3 is not very good at this Use something else!

32 SAML 1.1 vs. 2.0 In the UK, still many entities only capable of SAML 1.1 In newer federations, many entities only capable of SAML 2.0 Best chance of interoperability from software which can do both I m looking at you again, Shibboleth 1.3

33 60% SAML 2 Support 50% 40% 30% 20% 10% 0% Jan 08 May 08 Sep 08 Jan 09 May 09 Sep 09 Jan 10 May 10 Sep 10 IdP SP Data: 01-Oct :00:00

34 600 Transition from Shibboleth Entities Jan 08 May 08 Sep 08 Jan 09 May 09 Sep 09 Jan 10 May 10 Sep 10 Shib 1.3 Shib 2.X Data: 01-Oct :00:00

35 Key Material Originally, UK federation based on PKIX credentials (<KeyName> elements) This doesn t work for SAML 2.0 encryption This doesn t work cross-federation due to inconsistent trust roots If you want to interfederate, make sure you supply embedded key material This is an option even for Shibboleth 1.3

36 <EntitiesDescriptor Name=" <Extensions> <shibmd:keyauthority> <ds:x509data> <!-- trust root here, as X.509 certificate --> </ds:x509data> <ds:x509data> <!-- trust root here, as X.509 certificate --> </ds:x509data> </shibmd:keyauthority> </Extensions> <EntityDescriptor entityid= > <SPSSODescriptor> <KeyDescriptor...> <ds:keyinfo> <ds:keyname>sp.example.org</ds:keyname> <ds:keyinfo> </KeyDescriptor> </SPSSODescriptor> </EntityDescriptor> </EntitiesDescriptor>

37 <EntitiesDescriptor Name=" <Extensions> <!-- KeyAuthority trust roots ignored --> </Extensions> <EntityDescriptor entityid= > <SPSSODescriptor> <KeyDescriptor...> <ds:keyinfo> <!-- KeyName still valid but ignored for interfed --> <ds:keyname>sp.example.org</ds:keyname> <ds:x509data> <!-- public key here, as X.509 certificate --> </ds:x509data> <ds:keyinfo> </KeyDescriptor> </SPSSODescriptor> </EntityDescriptor> </EntitiesDescriptor>

38 100% Direct Key Trust Available 80% 60% 40% 20% 0% Dec 06 May 07 Oct 07 Mar 08 Aug 08 Jan 09 Jun 09 Nov 09 Apr 10 Sep10 IdP SP Data: 01-Oct :00:00

39 Interoperability Summary Stop using Shibboleth 1.3 please! Deploy software capable of SAML 2.0 Provide embedded key material

40 Miscellaneous Interoperability Be careful about epsa values (see TRP ) Sign up to section 6 Be prepared to stand up and be counted

41 Questions?