security-services message


Subject: RE: Update: Contributed doc. browser bindings incl. Shibboleth


I would also view with great concern the use
of Javascript. The security holes in the interaction
between web browsers and Javascript are innumerable and continue
to pop up every now and then. Take a look at

   http://polaris.umuc.edu/~mgaylor/jssecurity.html

or indeed please search Google with the search pattern

	+security +javascript


Certainly, many people would be concerned by
its inclusion in a standard. I would argue that the
SAML web browser profile should work with all scripting
at the web browser turned off.


- prateek


>>
>>> To what extent are they standard? 
>>
>>It is an advanced use of existing standards including HTTP/S
>>Base64, JavaScript, XML, PKI and HTML forms. 
>>
>>