I'm proposing the use of SAML 1.1 as technology to prove Web SSO in a customer environment, and they asked me something interesting:
In which scenarios is the Browser/POST profile appropriate, and in which scenarios is the Browser/Artifact profile of SAML appropriate?
In fact, the SAML 1.1 specifications don't talk about the best or most appropriate scenario for either Browser profile.
Maybe the security threats of each one can be used to pick the best. In my view, both can be applied equally in any scenario so far.
*Note: The solution uses Weblogic Server 10.0 and its support for SAML 1.1.