I don�t much about single sign-on and the JOSSO project (see
http://www.josso.org/). I am going to implement single sign-on in a web-system, and then I suggested to use JOSSO to my partner. Then he tells me that JOSSO doesn�t live up to their security politic. Are there any security flaws or other things to be aware of when using JOSSO?
Thanks