
security-services message



Subject: Question about the HoK Web Browser SSO Profile



The HoK Web Browser SSO Profile stresses how using a cryptographic confirmation method is much more secure than the original browser profiles. However, what are the potential benefits of using this Profile as compared to not using SAML at all and simply using a TLS-enabled Browser and Server? Here is my thinking so far; can anyone add to my list?

1. A SAML Attribute Statement can be carried in the Assertion, thus allowing attributes to be associated with the authenticated identity.

2. If only server certificates are being used, the IDP could perform the Authentication for the SP. The SP will still have to know how to do TLS, but not, for example, how to validate a hardware token.

Any others?

Hal

