[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: phishing the DS protocol
The Identity Provider Discovery Service Protocol and Profile talks about the dangers of phishing attacks and how metadata can mitigate this threat. However, it stops short of specifying that the DS MUST ensure by some means (metadata or otherwise) that the location specified in the return parameter is in fact associated with the requester given by the entityID parameter. Am I missing something? Thanks, Tom
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]