[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] BPP vs BAP for SAML 1.1
> One doesn't have to use mutual SSL authn when using BAP. Some of our > customers use HTTP BASIC Auth over server-side SSL. Yikes, if you don't mind my saying so. ;-) > Ummm... sure - you want to probably sign assertions if you're fwd'ing. > However, in BPP, it's the responses being signed and also, the web SSO > assertion isn't one you should be forwarding anyway. Yes, and both are problems with 1.1 that I think 2.0 needs to fix (so perhaps be prepared to not like my proposal). ;-) -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]