shibboleth-dev - RE: SAML Artifact attribute
Subject: Shibboleth Developers
List archive
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: SAML Artifact attribute
- Date: Mon, 1 May 2006 10:50:56 -0400
- Organization: The Ohio State University
> I only know of the Gross paper (2003) referenced on the OASIS SSTC
> home page. Is there another?
A new one showed up, yes. This one actually avoids wasting as much time on
"gee, without SSL this isn't secure" and focuses on suggesting improvements,
but since I think use of artiact is shrinking commercially, I'm not sure if
anything will ever be changed or not.
Personally, I think it's a non-issue. Most attacks will be mounted against
the session at the SP, not the transfer. Ignoring that in the analysis just
seems odd to me.
-- Scott
- Re: SAML Artifact attribute, Ian Young, 05/01/2006
- RE: SAML Artifact attribute, Scott Cantor, 05/01/2006
- Re: SAML Artifact attribute, Tom Scavo, 05/01/2006
- RE: SAML Artifact attribute, Scott Cantor, 05/01/2006
- Re: SAML Artifact attribute, Ian Young, 05/02/2006
- Re: SAML Artifact attribute, Tom Scavo, 05/01/2006
- <Possible follow-up(s)>
- Re: SAML Artifact attribute, Tom Scavo, 05/01/2006
- RE: SAML Artifact attribute, Scott Cantor, 05/01/2006
- Re: SAML Artifact attribute, Tom Scavo, 05/01/2006
- RE: SAML Artifact attribute, Scott Cantor, 05/01/2006
- Re: SAML Artifact attribute, Tom Scavo, 05/01/2006
- RE: SAML Artifact attribute, Scott Cantor, 05/01/2006
- RE: SAML Artifact attribute, Scott Cantor, 05/01/2006
Archive powered by MHonArc 2.6.16.