security-services message

Subject: Groups - sstc-saml-sec-consider-2.0-draft-04-diff.pdf uploaded

The document sstc-saml-sec-consider-2.0-draft-04-diff.pdf has been submitted by Frederick Hirsch (frederick.hirsch@nokia.com) to the OASIS Security Services TC document repository.

Document Description:
Incorporated feedback from John Linn, added references for SSL, OCSP and XKMS, added reference to Liberty Privacy and Security best practices, fixed links. Rewrote SOAP Binding Message Insertion threat section (6.1.3). Revised 6.4.1, authentication assertion required in POST binding for non SSO-profile to allow timely subject confirmation. Revised 6.4.4, browser state exposure not to require SSO assertion but should have OneTimeUse assertion conditions element. Removed requirement for SSO assertion in 6.5.1 stolen artifact discussion. Revised SSO threat/countermeasures to mention binding discussion. Provided countermeasure for message deletion in  Added cookie poisoning note to IDP Discovery profile. Added collusion threat and countermeasure to Name Identifier profile 7.2. Removed extra detail from NameIdentifier and Attribute Profile sections. Provided summary section 8, mentioning out of scope issues and purpose of document. Various editorial fixes.

A PDF without change bars is also available at

OpenOffice source uploaded at

PDF with Diff marks:

Download Document:  

View Document Details:

PLEASE NOTE:  If the above links do not work for you, your email application
may be breaking the link into two pieces.  You may be able to copy and paste
the entire link address into the address field of your web browser.
