Why is it important to sign SAML Assertions? Why is it not important to sign OAuth Access Tokens?
What will be an ideal response?
SAML Assertions contain information about a user or system, with an access control decision being made based on that information. A modified SAML Assertion can therefore result in a change in access; requiring a valid signature mitigates this possibility. OAuth Access Tokens are essentially keys that need to be protected from disclosure. Modifying OAuth Access Tokens accomplishes nothing, so signatures are unnecessary.
Computer Science & Information Technology