Subject: RE: [security-services] BPP vs BAP for SAML 1.1
The other thing to keep in mind here is that as customers increase their desire to use assertions as forwardable or exchangeable credentials for other services, they all (usually) have to be signed. Liberty also found that client side SSL support on some platforms was harder than doing DSIG, and that's why they always sign assertions, even with the artifact profile.

I personally think the biggest drawback to POST is the privacy leakage if the assertions contain personal data. It's not a huge problem in most cases, but it's the one thing to really be aware of from a security/privacy standpoint.

-- Scott