Subject: RE: [security-services] Article: Debunking SAML myths and misunderstandings
I can provide some context for this article. The author, Frank Cohen, was the moderator for a talk on SAML that I gave in February at the Web Services SIG of the Software Development Forum. Frank developed his paper from the talk and his recollection of the discussion. Some of the seemingly odd topics can be traced to questions that came up. For example, the topic “Misunderstanding: Canonicalization in XML Signatures is not needed.” came from my attempts to convince a skeptical member of the audience that canonicalization was indeed needed for XML Signatures.
Frank sent me a draft of the paper for review, and I gave him a number of comments and corrections. I did not see the final draft before it was published. In looking over the final paper, I see he took some of my corrections but not others.
The article mentioned on the call...