OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: SSO best practices for IdPs?


We're a SP supporting a number of IdPs of varying levels of technical sophistication.

We'd like to draw up guidelines to request that our IdPs follow in order to minimize security risks on the IdP side.

Can anyone point me to security guidelines / best practices for SSO?
Does anyone know of consultants to recommend who could advise on this?

We'd like to address issues such as:

- Security requirements around identity management.
- Practices to adhere to if implementing a home-grown / open source solution.
- Possibly, guidelines around commercial solutions.

- Any other issues that ought to be addressed?

Thanks very much,
Peter Spiro

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]