...

The mitigation requires the AS, after completing its claims-gathering interaction with the requesting party (who may be a phishing victim), to return to the client a ticket value that is not the one the client originally presented but a new, securely random value, and to invalidate the original ticket it received. This adds entropy to the round-trip permission ticket cycle during the claims-gathering flow, foiling an attacker's ability to know all the information needed to simulate a true requesting party's post-claims-gathering messages in step 7 of the attack sequence.
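The following is an added illustration of the ticket-rotation mitigation, not code from the UMA specifications or the Work Group. It models a hypothetical in-memory authorization server: a permission ticket is issued, claims gathering completes, and the AS either hands back the same ticket value (the behaviour the mitigation replaces) or invalidates it and issues a fresh random one. All class and method names, the resource identifier and the scope list are constructed for the example.

```python
import secrets

# Hypothetical authorization-server ticket store (example code, not the spec's).
# Each permission ticket value maps to the permission request it stands for
# and a flag recording whether claims gathering has completed for it.
TICKET_BYTES = 32  # 256 bits of randomness per ticket value


class PermissionTicketStore:
    def __init__(self):
        self._tickets = {}  # ticket value -> {"resource_id", "scopes", "claims_done"}

    def issue(self, resource_id, scopes):
        """Resource server registers a permission request; AS returns a fresh ticket."""
        ticket = secrets.token_urlsafe(TICKET_BYTES)
        self._tickets[ticket] = {
            "resource_id": resource_id,
            "scopes": tuple(scopes),
            "claims_done": False,
        }
        return ticket

    def complete_claims_gathering(self, old_ticket, rotate=True):
        """AS finishes interacting with the requesting party and redirects back.

        rotate=True  : the mitigation described above. The ticket the client
                       sent in is invalidated and a new securely random value
                       is returned, so a value captured earlier is useless.
        rotate=False : the pre-mitigation behaviour, kept only for contrast.
                       The same ticket value is echoed back to the client.
        """
        request = self._tickets.get(old_ticket)
        if request is None:
            raise ValueError("unknown or already-used permission ticket")
        request["claims_done"] = True
        if not rotate:
            return old_ticket
        del self._tickets[old_ticket]  # invalidate the original ticket
        new_ticket = secrets.token_urlsafe(TICKET_BYTES)
        self._tickets[new_ticket] = dict(request)
        return new_ticket

    def redeem(self, ticket):
        """Client presents a ticket at the token endpoint (step 7 in the text).

        Returns the granted permission on success, or None if the ticket is
        unknown, already consumed, or claims gathering never completed for it.
        """
        request = self._tickets.get(ticket)
        if request is None or not request["claims_done"]:
            return None
        del self._tickets[ticket]  # tickets are single-use
        return {"resource_id": request["resource_id"], "scopes": request["scopes"]}


def run_scenario(rotate):
    """Constructed scenario: a ticket value leaks before claims gathering.

    Returns (post_gathering_value_differs, leaked_value_redeems, legit_redeems)
    so the effect of the mitigation can be compared with and without rotation.
    """
    store = PermissionTicketStore()
    original = store.issue("photo-album", ["view"])
    leaked = original  # the only value a third party could have learned earlier
    returned = store.complete_claims_gathering(original, rotate=rotate)
    leaked_redeems = store.redeem(leaked) is not None
    legit_redeems = store.redeem(returned) is not None
    return (returned != original, leaked_redeems, legit_redeems)


if __name__ == "__main__":
    print("without rotation:", run_scenario(rotate=False))
    print("with rotation:   ", run_scenario(rotate=True))
```

Without rotation the leaked value is still a valid post-claims-gathering ticket, so whoever holds it can finish the flow; with rotation it is gone from the store and only the freshly issued value, which never left the legitimate redirect, redeems. The store also consumes a ticket on redemption so the new value cannot be replayed either.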

As the Work Group pursues its 2016 roadmap items, it will consider how to fold this and any other extension specifications into future versions of the main UMA specifications.

Discussion

Other technically suitable solutions were examined and rejected.

...