[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: Update: Contributed doc. browser bindings incl. Shibboleth
I would also view with great concern the use of Javascript. The security holes in the interaction between web browsers and Javascript are innumerable and continue to pop up every now and then. Take a look at http://polaris.umuc.edu/~mgaylor/jssecurity.html or indeed please search from google with the search pattern +security +javascript Certainly, many people would be concerned by its inclusion in a standard. I would argue that the SAML web browser profile should work with all scripting at the web browser turned off. - prateek >> >>> To what extent are they standard? >> >>It is an advanced use of existing standards including HTTP/S >>Base64, JavaScript, XML, PKI and HTML forms. >> >>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC