Security considerations for integrity of solid:oidcIssuer triples #219
Comments
Otto-AA
changed the title
|
Thank you @Otto-AA, there is also https://github.com/solid/webid-profile but since OIDC relies on it we can also add it here. /cc @VirginiaBalseiro |
|
I am in favor of your second but not the first. I find the ESS approach of forbidding apps from editing the profile document much too restrictive. OTOH, if the IdP allows patches to the profile but intercepts them and disallows changes to oidcIssuer, that would seem to allow both security and user control over their own profile., |
|
The issuer is in and itself a point of failure when it is compromised. |
|
We plan to discuss this issue next week https://github.com/orgs/solid/projects/16/views/3?pane=issue&itemId=65170443 on Tuesday |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I am not sure if this is the correct specification, but I'd suggest to add security considerations for the write/changability of the solid:oidcIssuer triple in the WebID profile.
The solid:oidcIssuer is used to verify that access token are created by the right entity for a WebID:
In turn this means, if someone is able to add or change this triple in the profile, they can point it to a server under their control and create valid access tokens. Thus, append or write access to the profile indirectly gives access to anything the webID has access to.
I propose to add a Security Consideration along the lines of: "WebID providers SHOULD/MUST ensure the integrity of solid:oidcIssuer triples. Any agent that can modify or add solid:oidcIssuer triples to the WebID could impersonate this WebID."
In practice, this could be implemented in one of following ways:
The text was updated successfully, but these errors were encountered: