
security-services message


Subject: Re: [security-services] NIST prohibits use of SAML assertions at LOA 4

more generally, rather than pick on SAML, the policy should preclude 
'browser redirect SSO systems that rely on bearer tokens'


Cahill, Conor P wrote:
>> Well, it's interpreted in light of the fact that browsers cannot perform
>> proof operations with SAML assertions. What they want is not PKI in
>> general, but PKI between the relying party and the client. More than a
>> bearer token, in other words. There's plenty to be said for that argument.
> Yeah, but then they should be saying that they don't allow the browser
> profile rather than disallowing the assertions.
> Conor

Paul Madsen            e:paulmadsen @ ntt-at.com
NTT                    p:613-482-0432
