OASIS Mailing List Archives

security-services message



Subject: FW: Congratulations on a great paper ("On Breaking SAML" at the 21st Usenix Security Symposium)


FYI.
__________________________________________


-----Original Message-----
From: Juraj Somorovsky [mailto:juraj.somorovsky@rub.de]
Sent: Wednesday, September 12, 2012 9:44 AM
To: Thomas Hardjono
Cc: Joerg.Schwenk@rub.de; Marco.Kampmann@rub.de; Andreas.Mayer@wuerth.com; OASIS SSTC; Nate Klingenstein
Subject: Re: Congratulations on a great paper ("On Breaking SAML" at the 21st Usenix Security Symposium)

Dear Thomas, dear Nate,

Thanks a lot for this email.

If you have any questions regarding our paper or need some support for thwarting those attacks within the SAML standard, please contact us. We are glad to discuss countermeasures...

Thanks
Best Regards
Juraj

On 09/11/2012 04:14 PM, Thomas Hardjono wrote:
>
>
> Dear Professors Somorovsky, Mayer, Schwenk, Kampmann, and Jensen,
>
> We would like to congratulate you on your excellent paper ("On
> Breaking SAML" at the 21st Usenix Security Symposium) regarding
> weaknesses found in a number of SAML 2.0 implementations.
>
> The OASIS Security Services Technical Committee (SSTC), which is the
> home of the SAML 2.0 standard, has been paying close attention to this
> paper. Practically applying the wrapping technique was a major step
> forward in understanding and addressing this problem in the context of
> SAML, and we applaud your efforts in diligently investigating and
> working with so many implementations to fix these issues.
>
> Although these attacks do not represent corresponding flaws in the SAML
> 2.0 standard as such, we believe it shows an insufficient level of
> quality in implementations, and reflects on needed improvements in the
> standard which we hope to make soon (and have already included in
> errata in some cases).
>
> Again, congratulations on the great work.
>
> Regards.
>
> Thomas Hardjono & Nate Klingenstein
> SSTC Co-Chairs
> on behalf of OASIS SSTC.
>
>
>
>
>
> __________________________________________
> Thomas Hardjono
> email:  hardjono[at]mit.edu
> mobile: +1 781-729-9559
> __________________________________________
>

