[Specs-cx] SAML Artifact and sig

John Bradley john.bradley at wingaa.com
Wed Sep 16 14:31:24 UTC 2009


I need to have a look at it.  I don't qualify as an expert on SAML  
artifact binding.

I suspect the risk is mitigated elsewhere in the flow through mutual  
TLS etc.

Aren't you the Liberty/Kantara guy at DIDW with all of the SAML people?

It is a good question.

John B.
On 2009-09-16, at 9:42 AM, Nat wrote:

> Hi John,
>
> It seems you do not have signature over the artifact message through  
> browser in SAML. What was the justification for it?
>
> =nat at Tokyo via iPhone



More information about the Specs-cx mailing list