
security-services message



Subject: Congratulations on a great paper ("On Breaking SAML" at the 21st Usenix Security Symposium)



Dear Professors Somorovsky, Mayer, Schwenk, Kampmann, and Jensen,

We would like to congratulate you on your excellent paper ("On Breaking 
SAML" at the 21st Usenix Security Symposium) regarding weaknesses found 
in a number of SAML 2.0 implementations.

The OASIS Security Services Technical Committee (SSTC), which is the 
home of the SAML 2.0 standard, has been paying close attention to this 
paper. Practically applying the wrapping technique was a major step 
forward in understanding and addressing this problem in the context of 
SAML, and we applaud your efforts in diligently investigating and 
working with so many implementations to fix these issues.

Although these attacks do not represent corresponding flaws in the SAML 
2.0 standard as such, we believe it shows an insufficient level of 
quality in implementations, and reflects on needed improvements in the 
standard which we hope to make soon (and have already included in errata 
in some cases).

Again, congratulations on the great work.

Regards.

Thomas Hardjono & Nate Klingenstein
SSTC Co-Chairs
on behalf of OASIS SSTC.





__________________________________________
Thomas Hardjono
email:  hardjono[at]mit.edu
mobile: +1 781-729-9559
__________________________________________

Attachment: smime.p7s
Description: S/MIME cryptographic signature


