Why is it important to sign SAML Assertions? Why is it not important to sign OAuth Access Tokens?
What will be an ideal response?
SAML Assertions contain information about a user or system, with an access control decision being made based on that information. A modified SAML Assertion can therefore result in a change in access; requiring a valid signature mitigates this possibility. OAuth Access Tokens are essentially keys that need to be protected from disclosure. Modifying OAuth Access Tokens accomplishes nothing, so signatures are unnecessary.