OpenSSO Enterprise Solution: Modification of Profile Attributes (Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide)

Sun OpenSSO Enterprise 8.0 Installation and Configuration Guide

Previous: OpenSSO Enterprise Solution: A Less Secure Application
Next: Key Aspects of the OpenSSO Enterprise Solution: Cookie Hijacking Security Issues

OpenSSO Enterprise Solution: Modification of Profile Attributes

The security issue labeled “Security Issue: Access to User Profile Attributes” in this chapter pertains to the threat posed by an untrusted application modifying the profile attributes of the user. The OpenSSO Enterprise solution to this issue does not change the SSO token. The restricted SSO token is similar to the regular SSO token ID. However, the set of Session Service operations that accept restricted SSO token IDs is limited. This functionality enables OpenSSO Enterprise to prevent applications from modifying profile attributes of the user.

Previous: OpenSSO Enterprise Solution: A Less Secure Application
Next: Key Aspects of the OpenSSO Enterprise Solution: Cookie Hijacking Security Issues