-
Notifications
You must be signed in to change notification settings - Fork 115
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Is contents validation based on exact string matching or fingerprint list matching when verifying identity assertion? #1505
Comments
I don't understand the question. |
Oops, I missed rtcweb-security-arch section 5.6.4. Binding Identity Assertions to JSEP Offer/Answer Transactions which specifies the format of In that case I just need one clarification: Is reordering or reformatting of the fingerprints in const contents1 = `{
"fingerprint": [ {
"algorithm": "sha-256",
"digest": "4A:AD:B9:B1:3F:...:E5:7C:AB"
}, {
"algorithm": "sha-1",
"digest": "74:E9:76:C8:19:...:F4:45:6B"
} ]
}`
// Reformatting and reordering of contents1
const contents2 = `{
"fingerprint": [
{ "algorithm": "sha-1", "digest": "74:E9:76:C8:19:...:F4:45:6B" },
{ "algorithm": "sha-256", "digest": "4A:AD:B9:B1:3F:...:E5:7C:AB" }
]
}` If on peer1's |
The contract specifies |
My point is that string equality cannot be enforced as a MUST in the spec. At most it can only be a SHOULD requirement. The original |
You could write a test case for an IdP that enforces this constraint and it's an important invariant. |
Hmm ok. So we can say that IdP proxy scripts MUST treat |
There are a few places that mention that
contents
returned byvalidateAssertion
must be exact string match ofcontents
passed togenerateAssertion
:And in rtcweb-security-arch:
However in section 9.4 Verifying Identity Assertions,
contents
is validated by only decoding it and match against all a=fingerprint attributes.This means it doesn't need to be exact, e.g. there can be extra fingerprints in
contents
or fingerprints can be reordered.Other than that, there are issues on enforcing either of the requirements.
For exact string matching, this is not possible because the original
contents
is only known by the remote peer, and there is no additional metadata in the SDP that mention what the originalcontent
must be. We cannot rely on the a=identity line because the assertion string returned from the IdP is opaque, and may not contain the originalcontents
string, e.g. it can be stored on server side.For fingerprint list matching,(Update: format for `contents is specified in 5.6.4.)contents
is supposed to be an opaque string and rtcweb-security-arch doesn't specify what should be the format ofcontents
. In other words the format could be implementer specific and thus could introduce interoperability issues.The text was updated successfully, but these errors were encountered: