[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] Seeking clarity on the SubjectConfirmation element
On 6/6/06, Costello, Roger L. <costello@mitre.org> wrote: > > Question #2: does it make sense to use the SubjectConfirmation element in a > WebBrowserSSO profile? In the case of SSO, the SubjectConfirmation MUST be bearer. https://authdev.it.ohio-state.edu/twiki/bin/view/Shibboleth/SubjectConfirmation > Suppose that the presenter has a stolen > assertion as I describe above; the SP would be taking a big risk by not > reauthenticating the presenter, correct? Read the "Security and Privacy Considerations" document. Tom
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]