[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Adding channel bindings to signed SAML Requests
> I was always under the impression that one advantage of SAML (un-CB) was > that the signed SAML assertions are independent objects, regardless of > underlying transport. They are. This is about the protocol, primarily, or about a client/server connection. > However, I do see that in some cases having proof of binding to a transport > like TLS is required. I'm not generally trying to bind the assertion itself to the transport. The only reason I even allowed for putting anything in the assertion was because of the "unsigned response, signed assertion" pattern that's fairly common in SSO. > Hmmm, not to open a can of worms, but could I then use the SAML > Request/Response (with CB) to build a key-negotiation protocol for a higher > layer app? Probably. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]