Internet Engineering Task Force (IETF) S. Santesson Request for Comments: 7773 3xA Security Category: Standards Track March 2016 ISSN: 2070-1721 Authentication Context Certificate Extension Abstract This document defines an extension to X.509 certificates. The extension defined in this document holds data about how the certificate subject was authenticated by the Certification Authority that issued the certificate in which this extension appears. This document also defines one data structure for inclusion in this extension. The data structure is designed to hold information when the subject is authenticated using a Security Assertion Markup Language (SAML) assertion. Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7773. Copyright Notice Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Santesson Standards Track [Page 1] RFC 7773 Authentication Context Extension March 2016 Table of Contents 1. Introduction ....................................................2 1.1. Terminology ................................................3 2. Authentication Context Extension Syntax .........................4 3. SAML Authentication Context Information .........................4 3.1. contextInfo Data Structure .................................5 3.1.1. AuthContextInfo Element .............................5 3.1.2. IdAttributes Element ................................6 4. Security Considerations .........................................8 5. Normative References ............................................8 Appendix A. ASN.1 Modules .........................................10 A.1. ASN.1 1988 Syntax .........................................10 A.2. ASN.1 2008 Syntax .........................................11 Appendix B. SAML Authentication Context Info XML Schema ...........12 B.1. XML Schema ................................................12 Appendix C. SAML Authentication Context Info XML Examples .........14 C.1. Complete Context Information and Mappings .................14 C.2. Only Mapping Information without SAML Attribute Values ....15 C.3. Authentication Context and serialNumber Mapping ...........16 Author's Address ..................................................16 1. Introduction The primary purpose of this document is to provide a mechanism that allows an application to obtain information that expresses the identity of a subject in an X.509 certificate according to [RFC5280]. The identity is stored either in a subject field attribute, as a subject alternative name, or in a subject directory attribute. The motivation for this work is to enable mapping of identity data between an identity system and a certificate where the identity system and the certificate are using different attributes and data formats to express the identity of the same entity. In such a scenario, the certificate subject already has an authenticated identity composed of a set of attributes, or so-called claims, that differ from the set of attributes that are commonly used to express the identity of a certificate subject and that may be governed by a specific certificate profile limiting that set. A typical scenario motivating the definition of this extension arises when the source of user authentication and user identity is derived from a SAML [SAML] federation attribute profile. In a SAML federation, the subject presents a SAML assertion in exchange for a certificate that can be uniquely linked to information provided in the original SAML assertion, e.g., attributes and/or level of assurance indicators. Santesson Standards Track [Page 2] RFC 7773 Authentication Context Extension March 2016 Such certificates are sometimes issued in order to provide the user with a means to create an electronic signature that ties the user to the SAML subject, its attributes, and level of assurance indicators. If such a certificate needs to conform to a certificate profile such as [RFC3739], then this certificate may have to use a separate set of attributes to express the subject identity. The certificate also may have to employ a format for attribute values that is different from the set of attributes obtained from the SAML assertion. The extension defined in the document makes it possible to represent information about the authentication context employed when authenticating the subject for the purpose of issuing a certificate. This may include information such as: o the Identity Provider that authenticated the subject o the level of assurance with which the subject was authenticated o the trust framework where this level of assurance was defined o a unique reference to the authentication instant o a mapping between the subject attributes (obtained from the SAML assertion used to authenticate the subject) and the subject identity information placed in the issued certificate. One scenario where this information may be useful arises when a user logs in to a service using SAML credentials, and the same user (at some point) is required to sign some information. The service may need to verify that the signature was created by the same user that logged on to the service. Today this is only possible using out-of- band knowledge about the Certification Authority (CA) that issued the certificate and its practices. However, this approach does not scale to a large number of service providers, identity providers, and CAs. The extension defined here provides better scalability since it requires only the service provider to maintain a list of trusted CAs. All other information about the relationship between the certificate subject and the SAML authenticated subject is available in the certificate. 1.1. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. Santesson Standards Track [Page 3] RFC 7773 Authentication Context Extension March 2016 2. Authentication Context Extension Syntax The Authentication Context extension has the following syntax: AuthenticationContexts ::= SEQUENCE SIZE (1..MAX) OF AuthenticationContext AuthenticationContext ::= SEQUENCE { contextType UTF8String, contextInfo UTF8String OPTIONAL } This extension holds a sequence of AuthenticationContext information. When present, this extension MUST include at least one AuthenticationContext. The type of authentication context defined in AuthenticationContext is identified by the contextType. The contextType MUST contain a URI that identifies the context type as well as the data format and encoding of context information provided in contextInfo. This extension MAY be marked critical. Applications that find an authentication context information type they do not understand MUST ignore it if the extension is non- critical and MUST reject the certificate if the extension is marked critical. If an application requires that an authentication context exist, and either the extension is absent or none of the provided authentication contexts can be used, the end-user certificate fails validation. This document defines one authentication context information type (Section 3) that is used to provide information about SAML-based authentication of the subject that was utilized in the certificate issuance process. Other documents can define other authentication context information types. 3. SAML Authentication Context Information The SAML Authentication context information provides a contextType field that can be used to carry information about SAML-based authentication of the certified subject as utilized in the certificate issuance process. Santesson Standards Track [Page 4] RFC 7773 Authentication Context Extension March 2016 The data carried in this authentication context information field is identified by the following XML schema ([Schema1] [Schema2]) name space: http://id.elegnamnden.se/auth-cont/1.0/saci When this URI is specified as contextType, the associated XML data provided in contextInfo MUST be provided in the form of an XML document [XML], represented by a string of UTF-8-encoded characters. The XML document SHOULD exclude any unnecessary line breaks and white space, such as line indentation, to reduce its size as much as possible. 3.1. contextInfo Data Structure The data provided in contextInfo SHALL contain XML that is UTF-8 encoded in accordance with the XML schema provided in Appendix B. The XML document string in contextInfo MUST NOT include an XML header. That is, the XML document string contains only the root element with its child elements and . The and elements are outlined in the following subsections. 3.1.1. AuthContextInfo Element The element MAY be present. This element contains the following attributes: IdentityProvider (required): The SAML EntityID of the Identity Provider that authenticated the subject. AuthenticationInstant (required): Date and time when the subject was authenticated, expressed according to Appendix B.1. AuthnContextClassRef (required): A URI identifying the AuthnContextClassRef that is provided in the AuthnStatement of the Assertion that was used to authenticate the subject. This URI identifies the context and the level of assurance associated with this instance of authentication. AssertionRef (optional): A unique reference to the SAML assertion. ServiceID (optional): An identifier of the service that verified the SAML assertion. Santesson Standards Track [Page 5] RFC 7773 Authentication Context Extension March 2016 The element may hold any number of child elements of type any (processContents="lax"), providing additional information according to local conventions. Any such elements SHOULD be ignored if not understood. 3.1.2. IdAttributes Element The element MAY be present. This element holds a sequence of one or more elements, where each element contains mapping information about one certificate subject attribute or name form present in the certificate. Each element MUST specify the following attributes: Type: A string containing one of the enumerated values "rdn", "san", or "sda", specifying the type of certificate attribute or name form for which mapping information is provided: "rdn": Mapping information is provided for an attribute in a Relative Distinguished Name located in the subject field. "san": Mapping information is provided for a name in the Subject Alternative Name extension of the certificate. "sda": Mapping information is provided for an attribute in the Subject Directory Attributes extension. Ref: A reference to the specific attribute or name field. This reference is dependent on the value of Type in the following way: "rdn": Ref holds a string representation of the object identifier (OID) of the relative distinguished name attribute. "san": Ref holds a string representation of the explicit tag number of the Subject Alternative Name type (e.g., "1" = email address (rfc822Name) and "2" = dNSName). If the SubjectAlternative name is an otherName, then Ref holds a string representation of the OID defining the otherName form. "sda": Ref holds a string representation of the OID of the subject directory attribute attribute. Santesson Standards Track [Page 6] RFC 7773 Authentication Context Extension March 2016 String representations of object identifiers (OID) in the Ref attribute MUST be represented by a sequence of integers separated by a period, e.g., "2.5.4.32". This string contains only numerals (ASCII 0x30 to 0x39) and periods (ASCII 0x2E), and it MUST NOT contain any other characters. Each element MUST contain a element as defined in [SAML]. This SAML attribute element MUST have a Name attribute (specifying its type), MAY have other attributes, and MAY have zero or more child elements. A present SAML attribute with absent attribute value limits mapping to the type of SAML attribute that was used to obtain the value stored in the referenced certificate subject attribute or name form, without duplicating the actual attribute value. If an attribute value is present in the SAML attribute, then the value stored in the certificate in the referenced attribute or name form MAY differ in format and encoding from the present SAML attribute value. For example, a SAML attribute value can specify a country expressed as "Sweden", while this country value is stored in the certificate in a countryName attribute using the two letter country code "SE". Several elements MAY be present for the same certificate subject attribute or name form if the certificate contains multiple instances of this attribute or name form where their values were obtained from different SAML attributes. However, in such cases, it is not defined which present subject attribute or name form maps to which SAML attribute. A certificate-using application MAY attempt to determine this by comparing attribute values stored in this extension with attribute or name values present in the certificate, but this specification does not define any explicit matching rules that would guarantee an unambiguous result. The element may hold any number of child elements of type any (processContents="lax"), providing additional information according to local conventions. Any such elements MAY be ignored if not understood. Note: The element is designed to provide mapping between SAML attributes and certificate subject attributes and name forms where there is a distinct and clear relationship between relevant SAML attributes and corresponding certificate attributes and name forms. This does not cover all aspects of complex mapping situations. If more than one SAML attribute maps to the same certificate attribute or if structured multivalued attributes are split into a range of other attributes and name forms, these situations are not covered. Santesson Standards Track [Page 7] RFC 7773 Authentication Context Extension March 2016 Such complex mapping situations MAY be covered by extending this XML schema or by defining a more versatile context information schema. 4. Security Considerations This extension allows a CA to outsource the process used to identify and authenticate a subject to another trust infrastructure in a dynamic manner that may differ from certificate to certificate. Since the authentication context is explicitly declared in the certificate, one certificate may be issued with a lower level of assurance than another, even though both have the same Issuer. This means that a relying party needs to be aware of the certificate policy under which this CA operates in order to understand when the certificate provides a level of assurance with regard to subject authentication that is higher than the lowest provided level. A relying party that is not capable of understanding the information in the authentication context extension MUST assume that the certificate is issued using the lowest allowed level of assurance declared by the policy. 5. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC3739] Santesson, S., Nystrom, M., and T. Polk, "Internet X.509 Public Key Infrastructure: Qualified Certificates Profile", RFC 3739, DOI 10.17487/RFC3739, March 2004, . [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, . [RFC5912] Hoffman, P. and J. Schaad, "New ASN.1 Modules for the Public Key Infrastructure Using X.509 (PKIX)", RFC 5912, DOI 10.17487/RFC5912, June 2010, . Santesson Standards Track [Page 8] RFC 7773 Authentication Context Extension March 2016 [SAML] Cantor, S., Kemp, J., Philpott, R., and E. Maler, "Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0", OASIS Standard, 15 March 2005. [XML] Bray, T., Paoli, J., Sperberg-McQueen, C., Maler, E., and F. Yergeau, "Extensible Markup Language (XML) 1.0 (Fifth Edition)", W3C Recommendation, 26 November 2008, . [Schema1] Thompson, H., Beech, D., Maloney, M., and N. Mendelsohn, "XML Schema Part 1: Structures", W3C Recommendation, 28 October 2004, . [Schema2] Biron, P. and A. Malhotra, "XML Schema Part 2: Datatypes", W3C Recommendation, 28 October 2004, . Santesson Standards Track [Page 9] RFC 7773 Authentication Context Extension March 2016 Appendix A. ASN.1 Modules This appendix includes the ASN.1 modules for the authentication context extension. Appendix B.1 includes an ASN.1 module that conforms to the 1998 version of ASN.1. Appendix B.2 includes an ASN.1 module, corresponding to the module present in Appendix B.1, that conforms to the 2008 version of ASN.1. Although a 2008 ASN.1 module is provided, the module in Appendix B.1 remains the normative module as per policy adopted by the PKIX working group for certificate-related specifications. A.1. ASN.1 1988 Syntax ACE-88 {iso(1) member-body(2) se(752) e-legnamnden(201) id-mod(0) id-mod-auth-context-88(1)} DEFINITIONS EXPLICIT TAGS ::= BEGIN -- EXPORTS ALL -- -- Authentication Context Extension AuthenticationContexts ::= SEQUENCE SIZE (1..MAX) OF AuthenticationContext AuthenticationContext ::= SEQUENCE { contextType UTF8String, contextInfo UTF8String OPTIONAL } e-legnamnden OBJECT IDENTIFIER ::= { iso(1) member-body(2) se(752) 201 } id-eleg-ce OBJECT IDENTIFIER ::= { e-legnamnden 5 } id-ce-authContext OBJECT IDENTIFIER ::= { id-eleg-ce 1 } END Santesson Standards Track [Page 10] RFC 7773 Authentication Context Extension March 2016 A.2. ASN.1 2008 Syntax ACE-08 {iso(1) member-body(2) se(752) e-legnamnden(201) id-mod(0) id-mod-auth-context-08(2)} DEFINITIONS EXPLICIT TAGS ::= BEGIN EXPORTS ALL; IMPORTS Extensions{}, EXTENSION FROM PKIX-CommonTypes-2009 -- From [RFC5912] {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)}; -- Authentication Context Extension ext-AuthenticationContext EXTENSION ::= { SYNTAX AuthenticationContexts IDENTIFIED BY id-ce-authContext } AuthenticationContexts ::= SEQUENCE SIZE (1..MAX) OF AuthenticationContext AuthenticationContext ::= SEQUENCE { contextType UTF8String, contextInfo UTF8String OPTIONAL } ElegnamndenCertExtensions EXTENSION ::= { ext-AuthenticationContext, ... } e-legnamnden OBJECT IDENTIFIER ::= { iso(1) member-body(2) se(752) 201 } id-eleg-ce OBJECT IDENTIFIER ::= { e-legnamnden 5 } id-ce-authContext OBJECT IDENTIFIER ::= { id-eleg-ce 1 } END Santesson Standards Track [Page 11] RFC 7773 Authentication Context Extension March 2016 Appendix B. SAML Authentication Context Info XML Schema This appendix contains an XML schema ([Schema1] [Schema2]) for the SAML Authentication context information defined in Section 3. IMPORTANT NOTE: The XML Schema in Appendix B.1 specifies a URL on rows 9 and 10 to the SAML schemaLocation (http://docs.oasis-open.org/security/saml/v2.0/ saml-schema-assertion-2.0.xsd), which is too long to fit into one row and therefore contains a line break. This line break has to be removed before this schema can be successfully compiled. B.1. XML Schema Santesson Standards Track [Page 12] RFC 7773 Authentication Context Extension March 2016 Santesson Standards Track [Page 13] RFC 7773 Authentication Context Extension March 2016 Appendix C. SAML Authentication Context Info XML Examples This appendix provides examples of SAML Authentication Context information according to the schema in Appendix B. C.1. Complete Context Information and Mappings The following is a complete example with authentication context information as well as mapping information for several subject field attributes and a subject alt name. SE 200007292386 John Doe John Doe john.doe@example.com C.2. Only Mapping Information without SAML Attribute Values This example shows an instance of the SAML Authentication Context information that only provides a mapping table without providing any authentication context information or SAML attribute values. Santesson Standards Track [Page 15] RFC 7773 Authentication Context Extension March 2016 C.3. Authentication Context and serialNumber Mapping This example shows an instance of the SAML Authentication Context information; it provides authentication context information and mapping information that specifies the source of the data stored in the serialNumber attribute in the subject field. 200007292386 Author's Address Stefan Santesson 3xA Security AB Scheelev. 17 223 70 Lund Sweden Email: sts@aaa-sec.com Santesson Standards Track [Page 16]