Subject: Groups - sstc-saml-sec-consider-2.0-draft-04-diff.pdf uploaded
The document sstc-saml-sec-consider-2.0-draft-04-diff.pdf has been submitted by Frederick Hirsch (firstname.lastname@example.org) to the OASIS Security Services TC document repository.

Document Description:
Incorporated feedback from John Linn, added references for SSL, OCSP and XKMS, added reference to Liberty Privacy and Security best practices, fixed links. Rewrote SOAP Binding Message Insertion threat section (6.1.3), Revised 6.4.1, authentication assertion required in POST binding for non SSO-profile to allow timely subject confirmation. Revised 6.4.4. browser state exposure not to require SSO assertion but should have OneTimeUse assertion conditions element. Removed requirement for SSO assertion in 6.5.1 stolen artifact discussion. Revised SSO threat/countermeasures to mention binding discussion. Provided countermeasure for message deletion in 188.8.131.52. Added cookie poisoning note to IDP Discovery profile. Added collusion threat and countermeasure to Name Identifier profile 7.2. Removed extra detail from NameIdentifier and Attribute Profile sections. Provided summary section 8, mentioning out of scope issues and purpose of document. Various editorial fixes.

A PDF without change bars is also available at
http://www.oasis-open.org/apps/org/workgroup/security/download.php/7552/sstc-saml-sec-consider-2.0-draft-04.pdf

OpenOffice source uploaded at
http://www.oasis-open.org/apps/org/workgroup/security/download.php/7551/sstc-saml-sec-consider-2.0-draft-04.sxw

PDF with Diff marks:

Download Document:
http://www.oasis-open.org/apps/org/workgroup/security/download.php/7553/sstc-saml-sec-consider-2.0-draft-04-diff.pdf

View Document Details:
http://www.oasis-open.org/apps/org/workgroup/security/document.php?document_id=7553

PLEASE NOTE: If the above links do not work for you, your email application may be breaking the link into two pieces. You may be able to copy and paste the entire link address into the address field of your web browser.