Understanding the Session Fixation Attack on UMA Claims-Gathering and the Provided Mitigation
Info |
---|
This non-normative companion to the security extension specification has not yet been reviewed. |
Table of Contents |
---|
On January 27, 2016, an issue was reported that identified a vulnerability in the UMA protocol. The UMA Work Group immediately set about analyzing the attack, possible mitigations under consideration, and similar cases; choosing an optimal mitigation; and developing specification text (add link) defining that mitigation. This companion non-normative document provides additional background information.
...