security-services message



Subject: RE: [security-services] BPP vs BAP for SAML 1.1


The other thing to keep in mind here is that as customers increase their
desire to use assertions as forwardable or exchangeable credentials for
other services, they all (usually) have to be signed.

Liberty also found that client side SSL support on some platforms was harder
than doing DSIG, and that's why they always sign assertions, even with the
artifact profile.

I personally think the biggest drawback to POST is the privacy leakage if
the assertions contain personal data. It's not a huge problem in most cases,
but it's the one thing to really be aware of from a security/privacy
standpoint.

-- Scott


