RE: Liberty Alliance/WS-Federation

["Andy Gordon" <adg () microsoft com>]

Hi, see http://www.zurich.ibm.com/security/identities/ for some papers
by IBM Research Zurich on Liberty and related specs; they found some
bugs.

Andy Gordon
MSR Samoa Project
http://Securing.WS 

> -----Original Message-----
> From: ACMurray () cmp com [mailto:ACMurray () cmp com]
> Sent: 07 June 2004 21:10
> To: webappsec () securityfocus com
> Subject: Liberty Alliance/WS-Federation
>
>
>
>
>
> Hi All,
>
> I'm working on an article about the risks of federated identity
management
> systems (Liberty Alliance and WS-Federation). Does anyone know of
research
> being
> done on potential flaws, vulnerabilities or exploits in these systems?
>
> Also, if anyone is working on deploying a federated identity system
using
> Liberty or WS-Fed frameworks, I'd like to interview you for the
article.
> You can
> call or reply to my work e-mail, listed below.
>
> Thanks,
> Andrew Conry-Murray
> Technology Editor
> Network Magazine
> acmurray () cmp com
> (415) 947-6342
________________________________________________________________________
__
> ________________
>
> Any views or opinions are solely those of the author and do not
> necessarily
> represent those of CMP Media.
>
> The information transmitted is intended only for the person or entity
to
> which
> it is addressed and may contain confidential and/or privileged
material.
> If you
> are not the intended recipient of this message please do not read,
copy,
> use or
> disclose this communication and notify the sender immediately.  It
should
> be
> noted that any review, retransmission, dissemination or other use of,
or
> taking
> action or reliance upon, this information by persons or entities other
> than the
> intended recipient is prohibited.
________________________________________________________________________
__
> ________________