assurance - Re: [Assurance] Addressing InCommon IAP & Shibboleth IdP
- From: "Cantor, Scott" <>
- Subject: Re: [Assurance] Addressing InCommon IAP & Shibboleth IdP
- Date: Wed, 8 Aug 2012 17:28:07 +0000
On 8/8/12 1:16 PM, "Russell J Yount" wrote:
>
>Shouldn't the scenario of an attacker creating a cookie and its
>contents, placing it in the browser cache, then visiting the IdP, which
>recognizes the cookie as a valid session, be addressed also?
>
>SSL only addresses the security of the communications between browser and
>IdP. There are other techniques employed to prevent the use of a
>non-IdP created cookie that could fool the IdP into believing the
>browser has an authenticated session.

Which ones do you think should be required? What if a product out there
doesn't do some of them? I ask that because I know it's true.
It's a somewhat dangerous road to go down, that's all I'm saying.
-- Scott