1st of 2 messages from Approach Belgium.

Hal

From: marc.stern@approach.be [mailto:marc.stern@approach.be]
Sent: Tuesday, September 02, 2008 10:40 AM
To: hal.lockhart@oracle.com; bcampbell@pingidentity.com; paulmadsen@ntt-at.com; robert.philpott@rsa.com; eve.maler@sun.com; jamie.clark@oasis-open.org
Subject: SAML 2.0 and Man in the Middle attacks
Hello,

I am currently leading the technical part of a big European project (http://www.eid-stork.eu/) targeting federated identity between EU countries.

We are obviously looking at SAML, but we have a major concern, as it is not at all immune to MITM attacks.

Several countries are in favor of developing an alternative protocol (like TLS-Federation - ), but I would like to check with you whether this problem was ever tackled.

Did you provide any work on this?
Could this be solved in any way?
How does it integrate with CardSpace? Could such a combination solve the problem?

Thank you
--
Marc Stern
Senior Consultant - Security Group Head
Approach Belgium - http://www.approach.be
Avenue Einstein, 2A - B-1348 Louvain-la-Neuve - Belgium
Tel: +32 10 83 21 36 - GSM: +32 475 68 29 10 - Fax: +32 10 83 22 55