security-services message



Subject: destination-side enforcement of one-time artifact use


In the Toronto F2F minutes (and in the current draft of the SSTC Response to
Thomas Grosz's paper) we state that we plan to add destination-side
enforcement of one-time artifact use. 

I believe this text is currently absent from Section 4 (SSO Profiles of
SAML) of profiles-cd-01a. I propose the inclusion of the following text in
Section 4.1.4.4:

The service provider MUST ensure that an artifact value is not replayed.
This may be achieved by maintaining a table of artifact values. Artifact
values need only be entered into the table for the period of time during
which the corresponding assertion (i.e., assertion obtained by dereferencing
the artifact) is valid. 
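The table described in the proposed text, as an added illustration (it is my own example, not text or code from the SSTC draft or from profiles-cd-01a). It assumes the service provider has already dereferenced the artifact and validated the resulting assertion, so it knows the assertion's NotOnOrAfter instant; the `max_validity` bound on the assertion's validity window and the artifact string in `demo()` are assumptions and constructed values, not taken from the specification.

```python
"""Destination-side (service provider) replay check for SAML artifacts.

Added illustration, not text from the SSTC draft: a table of artifact
values whose entries live only as long as the assertion obtained by
dereferencing the artifact is valid (its NotOnOrAfter instant).
"""
import threading
from datetime import datetime, timedelta, timezone


class ArtifactReplayCache:
    """Remember each artifact value until its assertion's NotOnOrAfter."""

    def __init__(self, max_validity=timedelta(minutes=10)):
        # Assumption: the SP refuses assertions whose validity window is
        # longer than max_validity. Without such a bound an attacker-chosen
        # (or misconfigured) long-lived assertion would keep its artifact in
        # the table indefinitely.
        self._max_validity = max_validity
        self._seen = {}          # artifact value -> expiry (aware datetime)
        self._lock = threading.Lock()

    def _purge(self, now):
        """Drop entries whose assertion could no longer be accepted anyway."""
        for artifact in [a for a, exp in self._seen.items() if exp <= now]:
            del self._seen[artifact]

    def check(self, artifact, not_on_or_after, now=None):
        """Return 'accept' on first use, otherwise the reason for rejection.

        artifact:        the artifact value exactly as received (base64 text)
        not_on_or_after: NotOnOrAfter of the assertion the artifact resolved to
        """
        now = now or datetime.now(timezone.utc)
        # Test-and-set under one lock, so two concurrent presentations of
        # the same artifact cannot both pass the check.
        with self._lock:
            self._purge(now)
            if not_on_or_after <= now:
                return "expired"
            if not_on_or_after - now > self._max_validity:
                return "window-too-long"
            if artifact in self._seen:
                return "replay"
            # Retain only until the assertion itself stops being valid.
            self._seen[artifact] = not_on_or_after
            return "accept"

    def size(self):
        return len(self._seen)


def demo():
    """Constructed walk-through: one artifact presented three times."""
    cache = ArtifactReplayCache()
    t0 = datetime(2004, 6, 1, 12, 0, tzinfo=timezone.utc)
    # Constructed artifact value (a real one is the base64 encoding of
    # TypeCode || SourceID || AssertionHandle); only its identity matters here.
    art = "AAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
    expiry = t0 + timedelta(minutes=5)
    results = [
        cache.check(art, expiry, now=t0),                         # first use
        cache.check(art, expiry, now=t0 + timedelta(minutes=1)),  # replayed
        cache.check(art, expiry, now=t0 + timedelta(minutes=6)),  # past NotOnOrAfter
    ]
    return results, cache.size()


if __name__ == "__main__":
    print(demo())  # (['accept', 'replay', 'expired'], 0)
```

Two practical points: the check must run after the assertion has been dereferenced and validated (that is when NotOnOrAfter is known) but before the SP acts on it, and a per-process dictionary like the one above only enforces one-time use for a single SP instance; a service provider deployed across several nodes needs the table in shared storage so that a replay against a different node is also caught.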


