[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] NIST prohibits use of SAML assertions at LOA 4
> Well, it's interpreted in light of the fact that browsers cannot perform > proof operations with SAML assertions. What they want is not PKI in > general, but PKI between the relying party and the client. More than a > bearer token, in other words. There's plenty to be said for that argument. Yeah, but then they should be saying that they don't allow the browser SSO profile rather than disallowing the assertions. Conor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]