OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [security-services] Minutes for SSTC Telecon (18 Oct 2011)


On 10/18/11 1:07 PM, "Nguyenphu, Thinh (NSN - US/Irving)"
<thinh.nguyenphu@nsn.com> wrote:
>
>-	New security paper: Scott and Hall reported on new security
>paper from Germany. New security paper published from Germany, which
>identify potential SAML security risk.

No, it identifies an XML Encryption issue.

>  The security paper, How to break
>XML encryption, will be presented at ACM conference CCS 2011.  The paper
>documented some new techniques of attach SAML security assertion.

Only indirectly. It says nothing about SAML.

> It may
>provides some recommendation to mitigate the problem.

No, we have to provide recommendations in SAML to mitigate the issues with
XML Encryption.

-- Scott



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]