Subject: Re: [security-services] NIST prohibits use of SAML assertions at LOA 4

more generally, rather than pick on SAML, the policy should preclude 'browser redirect SSO systems that rely on bearer tokens'

paul

Cahill, Conor P wrote:
>> Well, it's interpreted in light of the fact that browsers cannot perform
>> proof operations with SAML assertions. What they want is not PKI in
>> general, but PKI between the relying party and the client. More than a
>> bearer token, in other words. There's plenty to be said for that argument.
>
> Yeah, but then they should be saying that they don't allow the browser SSO
> profile rather than disallowing the assertions.
>
> Conor

--
Paul Madsen
e:paulmadsen @ ntt-at.com
NTT
p:613-482-0432
m:613-282-8647
aim:PaulMdsn5
web:connectid.blogspot.com
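
Added example, not part of the original thread or any participant's code: a relying-party check that keeps SAML assertions in general but refuses bearer subject confirmation at LOA 4, which is the distinction the messages above argue for. The policy function, its `loa` parameter and the sample assertions are assumptions constructed for illustration; signature validation and the actual key challenge to the client are out of scope.

```python
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"


def usable_confirmations(assertion_xml, loa):
    """Return the SubjectConfirmation methods the relying party may act on.

    Assumed policy (hypothetical): below LOA 4 any method is usable; at
    LOA 4 only holder-of-key confirmations that carry a ds:KeyInfo the
    client can be asked to prove possession of.
    """
    root = ET.fromstring(assertion_xml)  # input is the <saml:Assertion> itself
    usable = []
    for sc in root.findall("./saml:Subject/saml:SubjectConfirmation", NS):
        method = sc.get("Method", "")
        if loa >= 4:
            key = sc.find("./saml:SubjectConfirmationData/ds:KeyInfo", NS)
            if method != HOLDER_OF_KEY or key is None:
                continue  # bearer, or a key-less claim: nothing to prove
        usable.append(method)
    return usable


def accept(assertion_xml, loa):
    return bool(usable_confirmations(assertion_xml, loa))


def _assertion(confirmations):
    # Constructed sample data, not captured from a real identity provider.
    return (
        '<saml:Assertion xmlns:saml="%s" xmlns:ds="%s" Version="2.0">'
        "<saml:Subject>%s</saml:Subject></saml:Assertion>"
        % (NS["saml"], NS["ds"], confirmations)
    )


BEARER_SC = '<saml:SubjectConfirmation Method="%s"/>' % BEARER
HOK_SC = (
    '<saml:SubjectConfirmation Method="%s"><saml:SubjectConfirmationData>'
    "<ds:KeyInfo><ds:KeyName>constructed-client-key</ds:KeyName></ds:KeyInfo>"
    "</saml:SubjectConfirmationData></saml:SubjectConfirmation>" % HOLDER_OF_KEY
)
HOK_NO_KEY_SC = '<saml:SubjectConfirmation Method="%s"/>' % HOLDER_OF_KEY

if __name__ == "__main__":
    for name, sc in [("bearer", BEARER_SC), ("holder-of-key", HOK_SC)]:
        print(name, [accept(_assertion(sc), loa) for loa in (2, 4)])
```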