OASIS Mailing List Archives

security-services message



Subject: Re: [security-services] NIST prohibits use of SAML assertions at LOA 4


more generally, rather than pick on SAML, the policy should preclude 
'browser redirect SSO systems that rely on bearer tokens'

paul

Cahill, Conor P wrote:
>> Well, it's interpreted in light of the fact that browsers cannot perform
>> proof operations with SAML assertions. What they want is not PKI in
>> general, but PKI between the relying party and the client. More than a
>> bearer token, in other words. There's plenty to be said for that argument.
>
> Yeah, but then they should be saying that they don't allow the browser SSO
> profile rather than disallowing the assertions.
>
> Conor

-- 
Paul Madsen            e:paulmadsen @ ntt-at.com
NTT                    p:613-482-0432
                       m:613-282-8647
                       aim:PaulMdsn5
                       web:connectid.blogspot.com 


