OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Using SAML Artifacts in the WSS SAML Token Profile

So, I'm looking at the latest SAML Token Profile document for the WSS and though it worth mentioning that we consider documenting how one would use a SAML artifact as a bearer token.   

The main benefit from the artifact model is that the assertion is only seen by the recipient rather than going through a third party (and thus being subject to offline analysis and attack).  Yes, you can save space and not sign assertions as well, but I think the restricting the visibility of the assertion to just the recipient is even stronger. 

Of course, this probably isn't much use with other confirmation methods.

Is there other interest in doing so?


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]