Subject: RE: [security-services] Resend: draft-sstc-sec-consider-01
I have a comment on section 5.2.1.4. I'm under the impression that instead of solving the problem of replay attack in the non-SSL transport case, SAML is saying "Well, it's a problem." The solution is simply to add IssueInstant (perhaps optionally) to Request (and perhaps Response). This bounds the ID-based replay cache to a short period and solves the problem (to the extent that it's solvable). Is there a reason for not doing this?

-- Scott
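
The bounded replay cache proposed in the message above, as an added example that is not part of the original post or of any SAML specification text: the receiver rejects requests whose IssueInstant falls outside a freshness window and therefore only has to remember IDs for that window. The class name, the 300-second window and the sample request are assumptions, as is the premise that ID and IssueInstant are both covered by the message signature.

```python
import heapq
from datetime import datetime, timedelta, timezone


class BoundedReplayCache:
    """Replay check keyed on request ID, bounded by IssueInstant.

    Hypothetical helper. Assumes ID and IssueInstant are covered by the
    message signature, so an attacker cannot refresh the timestamp.
    """

    def __init__(self, window_seconds=300):  # window is an assumed value
        self.window = timedelta(seconds=window_seconds)
        self._seen = set()   # IDs still inside the freshness window
        self._expiry = []    # min-heap of (expiry time, ID)

    def check(self, request_id, issue_instant, now):
        """Return 'ok', 'stale', 'future' or 'replay'."""
        # Evict IDs whose window has passed: a replay of one of them is
        # rejected as stale below, so it no longer needs remembering.
        while self._expiry and self._expiry[0][0] < now:
            _, old_id = heapq.heappop(self._expiry)
            self._seen.discard(old_id)
        if issue_instant > now + self.window:
            return "future"  # beyond tolerated clock skew
        if now - issue_instant > self.window:
            return "stale"
        if request_id in self._seen:
            return "replay"
        self._seen.add(request_id)
        heapq.heappush(self._expiry, (issue_instant + self.window, request_id))
        return "ok"

    def __len__(self):
        return len(self._seen)


def demo():
    """Constructed sample: one request, replayed inside and after the window."""
    t0 = datetime(2002, 1, 1, 12, 0, tzinfo=timezone.utc)
    cache = BoundedReplayCache()
    arrivals = [5, 60, 301]  # seconds after IssueInstant
    return [cache.check("req-1", t0, t0 + timedelta(seconds=s)) for s in arrivals]


if __name__ == "__main__":
    print(demo())
```

The cache size is bounded by the number of requests received within the window plus the tolerated clock skew, rather than by the lifetime of the service.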