Understanding the Session Fixation Attack on UMA Claims-Gathering and the Provided Mitigation

On January 27, 2016, an issue was reported that identified a vulnerability in the UMA protocol. The UMA Work Group immediately set about analyzing the attack, possible mitigations under consideration, and similar cases; choosing an optimal mitigation; and developing specification text (add link) defining that mitigation. This companion non-normative document provides additional background information.

...