
security-services message



Subject: RE: [security-services] List of possible implementation features for SAML 2.0


> In fact, here is a different position altogether: remove the GET part
> completely and retain only the POST delivery method. This limits the
> implementations to just one form and avoids the "referrer" issue.

I think we'd get push back (in fact I know we would), since one of the
primary advantages of artifact is the use of a redirect without requiring
JavaScript to automate the delivery.

It simply bears noting that it's a bit less secure, though also mitigated by
other additions, like the replay detection at SP.

-- Scott


