Subject: Congratulations on a great paper ("On Breaking SAML" at the 21st Usenix Security Symposium)
Dear Professors Somorovsky, Mayer, Schwenk, Kampmann, and Jensen,

We would like to congratulate you on your excellent paper ("On Breaking SAML" at the 21st Usenix Security Symposium) regarding weaknesses found in a number of SAML 2.0 implementations.

The OASIS Security Services Technical Committee (SSTC), which is the home of the SAML 2.0 standard, has been paying close attention to this paper. Practically applying the wrapping technique was a major step forward in understanding and addressing this problem in the context of SAML, and we applaud your efforts in diligently investigating and working with so many implementations to fix these issues.

Although these attacks do not represent corresponding flaws in the SAML 2.0 standard as such, we believe it shows an insufficient level of quality in implementations, and reflects on needed improvements in the standard which we hope to make soon (and have already included in errata in some cases).

Again, congratulations on the great work.

Regards.

Thomas Hardjono & Nate Klingenstein
SSTC Co-Chairs on behalf of OASIS SSTC.

__________________________________________
Thomas Hardjono
email: hardjono[at]mit.edu
mobile: +1 781-729-9559
__________________________________________
Attachment:
smime.p7s
Description: S/MIME cryptographic signature