[HGI-News-de] HGI Colloquium Thu, 15 July: Cryptographically Strong Bindings of SAML Assertions to Transport Layer Security by Florian Kohlar

Newsletter of the Horst Görtz Institute hgi-news-deutschland at lists.ruhr-uni-bochum.de
Mon Jul 12 18:31:17 CEST 2010


Hello,

As part of the HGI Colloquium "Current Topics in IT Security", the following talk will be given this coming *Thursday*:

Florian Kohlar (NDS)
*On Cryptographically Strong Bindings of SAML Assertions to Transport Layer Security*

Date: Thursday, 15 July at 11:00 (*s.t.*)
Room: IC 4/161

Everyone interested is cordially invited!

==============================================================
Abstract:
In recent research work, two approaches to protect SAML-based Federated Identity Management (FIM) against man-in-the-middle attacks have been proposed. One approach is to bind the SAML assertion and the SAML artifact to the public key contained in a TLS client certificate. Another approach is to strengthen the Same Origin Policy of the browser by taking into account the security guarantees TLS gives. In this work, we present a third approach which is of further interest beyond IDM protocols. By binding the SAML assertion to cryptographically derived values of the TLS session that has been agreed upon between client and the service provider, this approach provides anonymity of the browser while allowing Relying Party and Identity Provider to detect the presence of a man-in-the-middle attack.
==============================================================

Upcoming talks:
22 July: Lena Wiese (TU Dortmund), Logical Requirements for Database Security - 29 July: Alexander Meurer (CITS), Correcting Errors in RSA Private Keys

Information about the next planned talks in the HGI Colloquium is also available on the web:
http://www.hgi.rub.de/hgi/hgi-seminar/aktuelles


Best regards
Timo






