[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] How does an artifact issuer "authenticate" the sender of the <ArtifactResolve> message?
> Perhaps one of the things we should do in a future release is to > add an element in the assertion indicating how the assertion > was to be delivered. This would reduce the usefulness > of a MiTM getting an assertion as they could no longer use it > in a non-artifact delivery. Yeah, I can see how that would have been one useful aspect of the old artifact subject confirmation, and I considered proposing to add that back late in the process once the binding/profile split had been re-worked to my satisfaction. If that was the primary reason for having it originally, I missed it, sorry. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]