
Feature/is 96 qr codes #102

Merged
merged 4 commits into from Nov 1, 2019

Conversation

martin-lindstrom
Member

No description provided.

Added the secure-authenticator-binding entity category.
Removed the previous BankID-specific entity category and replaced it with a URI that may be used by several IdPs.
@martin-lindstrom martin-lindstrom self-assigned this Oct 29, 2019
@martin-lindstrom martin-lindstrom added this to In progress in Post June 2018 via automation Oct 29, 2019
This profile defines the `http://id.swedenconnect.se/general-ec/1.0/secure-authenticator-binding` entity category to be declared by Service Providers in order to add a requirement on Identity Providers vulnerable to the attacks described above that they SHOULD use a secure authenticator binding (if this feature is supported by the Identity Provider).

Member

Suggesting that both IdP and SP set this EC. If the EC is set by the IdP, the IdP must honor it if set by the SP. IdPs who have not set this are not affected.


Therefore, this profile defines the `http://id.swedenconnect.se/general-ec/1.0/bankid/qr-code` entity category. It may be declared in a Service Provider's metadata as an indicator for a BankID Identity Provider that the Service Provider requires that the QR code functionality is used instead of prompting for the user's personal identity number.
A BankID Identity Provider compliant with this profile SHOULD check the presence of the `secure-authenticator-binding` entity category in the Service Provider metadata when processing a request, and SHOULD prompt the user to scan a QR code instead of asking for the personal identity number if the entity category is present in the Service Provider metadata.

Member

Same as above. IdPs who have declared this EC MUST check it and act according to it.


Note that the presence of the QR code entity category in the Service Provider metadata has precedence over the presence of the `<psc:PrincipalSelection>` extension in the authentication request<sup>1</sup>.
Note that the presence of the `secure-authenticator-binding` entity category in the Service Provider metadata has precedence over the presence of the `<psc:PrincipalSelection>` extension in the authentication request<sup>1</sup>.

No need to exclusively apply only one of secure-authenticator-binding and <psc:PrincipalSelection>, since it's possible to start the BankID client using a QR code for a transaction bound to a personal identity number.

Perhaps change the description to something like: Note that the presence of the QR code entity category in the Service Provider metadata will apply despite the presence of any <psc:PrincipalSelection> extension in the authentication request

Member Author

Yes. You are correct. Will change the wording.
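The decision the reviewers settle on above (an IdP that has itself declared the entity category honours it when the SP declares it too, starts BankID with a QR code regardless of `<psc:PrincipalSelection>`, and may still bind the transaction to a supplied personal identity number) can be written out as IdP-side request processing. The following is an added example, not code from the Sweden Connect technical framework or any of its implementations. The entity-category URI and the `psc:PrincipalSelection` element are taken from the text under review; the `psc` namespace URI, the `MatchValue` element, the mode names, the entity IDs, the metadata and request documents and the personal identity number are assumptions or constructed sample data. The `http://macedir.org/entity-category` attribute name and the personalIdentityNumber OID are the standard ones.

```python
"""Decide how a BankID IdP starts an authentication, from the entity categories
in SAML metadata and the optional psc:PrincipalSelection request extension.

Added illustration, not code from the Sweden Connect technical framework. The
psc namespace URI, the MatchValue element, all entity IDs, documents and the
personal identity number below are assumptions or constructed samples."""
from __future__ import annotations

import xml.etree.ElementTree as ET

SECURE_AUTHENTICATOR_BINDING = (
    "http://id.swedenconnect.se/general-ec/1.0/secure-authenticator-binding"
)
# Standard SAML attribute name under which entity categories are published.
ENTITY_CATEGORY_ATTR = "http://macedir.org/entity-category"
# OID of the Swedish personalIdentityNumber attribute.
PNR_OID = "urn:oid:1.2.752.29.4.13"

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    # Assumed namespace for psc:PrincipalSelection; verify against the profile.
    "psc": "http://id.swedenconnect.se/authn/1.0/principal-selection/ns",
}


def entity_categories(metadata_xml: str) -> set[str]:
    """Collect the entity-category URIs declared in an EntityDescriptor.
    The metadata is assumed to come from a trusted, signature-validated
    federation feed, so the SP cannot simply assert this category itself."""
    root = ET.fromstring(metadata_xml)
    categories = set()
    for attr in root.iterfind(".//mdattr:EntityAttributes/saml:Attribute", NS):
        if attr.get("Name") == ENTITY_CATEGORY_ATTR:
            for value in attr.iterfind("saml:AttributeValue", NS):
                if value.text:
                    categories.add(value.text.strip())
    return categories


def principal_selection_pnr(authn_request_xml: str) -> str | None:
    """Return the personal identity number carried in psc:PrincipalSelection, if any."""
    root = ET.fromstring(authn_request_xml)
    path = ".//samlp:Extensions/psc:PrincipalSelection/psc:MatchValue"
    for match in root.iterfind(path, NS):
        if match.get("Name") == PNR_OID and match.text:
            return match.text.strip()
    return None


def choose_start_mode(idp_metadata: str, sp_metadata: str, authn_request: str) -> dict:
    """Rules from the review: an IdP that has not declared the EC ignores it;
    if both sides declare it, start with a QR code regardless of
    PrincipalSelection (a supplied number still binds the transaction);
    otherwise use a supplied number directly or prompt the user for one."""
    pnr = principal_selection_pnr(authn_request)
    idp_supports = SECURE_AUTHENTICATOR_BINDING in entity_categories(idp_metadata)
    sp_requires = SECURE_AUTHENTICATOR_BINDING in entity_categories(sp_metadata)
    if idp_supports and sp_requires:
        return {"mode": "qr-code", "pnr": pnr}
    if pnr is not None:
        return {"mode": "pnr-from-request", "pnr": pnr}
    return {"mode": "prompt-pnr", "pnr": None}


def sample_metadata(entity_id: str, categories: list[str]) -> str:
    """Constructed EntityDescriptor declaring the given entity categories."""
    values = "".join(f"<saml:AttributeValue>{c}</saml:AttributeValue>" for c in categories)
    return (
        f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:mdattr="{NS["mdattr"]}" '
        f'xmlns:saml="{NS["saml"]}" entityID="{entity_id}"><md:Extensions>'
        f'<mdattr:EntityAttributes><saml:Attribute Name="{ENTITY_CATEGORY_ATTR}" '
        f'NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">{values}'
        "</saml:Attribute></mdattr:EntityAttributes></md:Extensions></md:EntityDescriptor>"
    )


def sample_authn_request(pnr: str | None = None) -> str:
    """Constructed AuthnRequest, optionally carrying psc:PrincipalSelection."""
    extension = ""
    if pnr is not None:
        extension = (
            f'<samlp:Extensions><psc:PrincipalSelection xmlns:psc="{NS["psc"]}">'
            f'<psc:MatchValue Name="{PNR_OID}">{pnr}</psc:MatchValue>'
            "</psc:PrincipalSelection></samlp:Extensions>"
        )
    return (
        f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        'ID="_constructed-1" Version="2.0" IssueInstant="2019-11-01T00:00:00Z">'
        f"<saml:Issuer>https://sp.example.com/saml</saml:Issuer>{extension}"
        "</samlp:AuthnRequest>"
    )


# Constructed sample documents; entity IDs and the number are not real.
IDP_WITH_EC = sample_metadata("https://idp.example.com/bankid", [SECURE_AUTHENTICATOR_BINDING])
IDP_WITHOUT_EC = sample_metadata("https://idp.example.com/legacy", [])
SP_WITH_EC = sample_metadata("https://sp.example.com/saml", [SECURE_AUTHENTICATOR_BINDING])
SP_WITHOUT_EC = sample_metadata("https://sp.example.com/saml", [])
REQ_PLAIN = sample_authn_request()
REQ_WITH_PNR = sample_authn_request("190001019999")

if __name__ == "__main__":
    for label, idp, sp, req in [
        ("EC on both sides, no PrincipalSelection", IDP_WITH_EC, SP_WITH_EC, REQ_PLAIN),
        ("EC on both sides, PrincipalSelection given", IDP_WITH_EC, SP_WITH_EC, REQ_WITH_PNR),
        ("IdP has not declared the EC", IDP_WITHOUT_EC, SP_WITH_EC, REQ_WITH_PNR),
        ("SP does not require it", IDP_WITH_EC, SP_WITHOUT_EC, REQ_PLAIN),
    ]:
        print(f"{label}: {choose_start_mode(idp, sp, req)}")
```

The third case is the one the first review comment calls out: an IdP that never declared the category is unaffected and handles the request as before, even though the SP asks for it. The second case is the reviewer's point about not treating the two mechanisms as mutually exclusive: the QR code is shown, but the number from `<psc:PrincipalSelection>` is kept so the transaction can be bound to that user.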

maganvill commented Oct 31, 2019

Issue #96

Made section 3.3 easier to read by moving recommendations into its own chapter.

Added a note to describe the case where an SP requires QR codes but also sends a principal selection extension.
@martin-lindstrom martin-lindstrom merged commit ead3f6c into master Nov 1, 2019
Post June 2018 automation moved this from In progress to Done Nov 1, 2019
@martin-lindstrom martin-lindstrom deleted the feature/is-96-qr-codes branch April 24, 2023 12:37