shibboleth-dev - Re: [Shib-Dev] Return of the Java SP... again
Subject: Shibboleth Developers
List archive
- From: Nate Klingenstein <>
- To:
- Subject: Re: [Shib-Dev] Return of the Java SP... again
- Date: Thu, 26 Aug 2010 05:10:17 +0000
Jim,
They're encrypted for both legs of the transaction, but because there is no encryption of the response or assertion themselves, the attributes pass through the browser and the client in cleartext. Some have concerns about malware, privacy on shared computers, or the sharing of attributes that were not meant to be revealed to the principal. I find such concerns understandable, myself.
Take care,
Nate.
On 2010-08-26 04:43, Jim Fox wrote:
I have never understood this concern. If one uses https always aren't the
pushed attributes encrypted?
Jim
- RE: [Shib-Dev] Return of the Java SP... again, (continued)
- RE: [Shib-Dev] Return of the Java SP... again, Scott Cantor, 08/28/2010
- Re: [Shib-Dev] Return of the Java SP... again, Alistair Young, 08/29/2010
- Re: [Shib-Dev] Return of the Java SP... again, Alistair Young, 08/29/2010
- Re: [Shib-Dev] Return of the Java SP... again, Chad La Joie, 08/29/2010
- RE: [Shib-Dev] Return of the Java SP... again, Scott Cantor, 08/29/2010
- Re: [Shib-Dev] Return of the Java SP... again, Alistair Young, 08/29/2010
- RE: [Shib-Dev] Return of the Java SP... again, Scott Cantor, 08/28/2010
- Re: [Shib-Dev] Return of the Java SP... again, Chad La Joie, 08/25/2010
- RE: [Shib-Dev] Return of the Java SP... again, Scott Cantor, 08/25/2010
- Re: [Shib-Dev] Return of the Java SP... again, Chad La Joie, 08/25/2010
- Re: [Shib-Dev] Return of the Java SP... again, Jim Fox, 08/26/2010
- Re: [Shib-Dev] Return of the Java SP... again, Nate Klingenstein, 08/26/2010
- [Shib-Dev] Possible to provide shib-common/opensaml snapshots as well?, Halm Reusser, 08/26/2010
- Re: [Shib-Dev] Return of the Java SP... again, Ian Young, 08/26/2010
- Re: [Shib-Dev] Return of the Java SP... again, Nate Klingenstein, 08/26/2010
- Re: [Shib-Dev] Return of the Java SP... again, Jim Fox, 08/26/2010
- Re: [Shib-Dev] Return of the Java SP... again, Ian Young, 08/26/2010
- Re: [Shib-Dev] Return of the Java SP... again, Chad La Joie, 08/26/2010
- Re: [Shib-Dev] Return of the Java SP... again, Chad La Joie, 08/25/2010
- Re: [Shib-Dev] Return of the Java SP... again, Paul Hethmon, 08/25/2010
- Re: [Shib-Dev] Return of the Java SP... again, Peter Schober, 08/25/2010
- RE: [Shib-Dev] Return of the Java SP... again, Scott Cantor, 08/25/2010
- RE: [Shib-Dev] Return of the Java SP... again, Scott Cantor, 08/25/2010
Archive powered by MHonArc 2.6.16.