I wanted to respond to this comment (sorry it's a few months later) to say that those security considerations are important but I believe they are already covered by the normative language in the SAML-bearer spec as well as the references to the SAML Core and the SAML Security and Privacy Considerations.

On Wed, Mar 23, 2011 at 12:11 PM, Peter Saint-Andre <stpe...@stpeter.im> wrote:
> <hat type='AD'/>
> ...
> 6. It's nice to see the security considerations about attacks on tokens.
> Perhaps we need a similar section in the SAML-bearer spec.
> ...