OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] Token binding

On 8/30/16, 1:50 PM, "John Bradley" <ve7jtb@ve7jtb.com> wrote:

>    I am happy to contribute to standardizing it for SAML as well.   
>    I can’t say that it will be on Pings short term roadmap for SAML unless other SAML
> implementations pick it up.

There are various ways it might be done, so I would prefer other implementers planning to do it provide feedback on what they'd prefer.

As an example, we could obviously use SubjectConfirmation (either exclusively or in addition to Bearer), but if people tell me that their implementations (incorrectly) fail on multiple confirmations, then that's maybe not ideal.

Shibboleth is likely to support both SubjectConfirmation and the ChannelBinding extension eventually.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]