OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Artifact binding -- Most effective binding against DOS attacks

Hi all.

Just wanted to ask your opinion about following statement. I think that
artifact based binding has the highest chances to be effectively secured
against DOS attacks. Since, when an IdP received an artifact, which comes
from an malicious SP, and tries to contat her in order to retrieve the corresponding
message using SOAP binding, she will use SSL/TLS with bilateral authentication,
clearly, if she looks up the identitied of the available parties then, requests from
malicious SPs will be blocked (i.e. IdP wont receive SAML 2.0 messages from
them, just artifacts). With POST and GET bindings, IdP is forced to process
a SAML 2.0 message before she can take any action for protecting against DOS.
Does what I wrote make sense?



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]