securesaml a day ago

This is correct. In the blog post they say:

> Other examples exist, but most follow the same pattern: the component that does security checks and the component that performs the actions differ in their view of the input data.

This would be solved (as you described), by ensuring that the downstream layer uses only contents that are verified in the security check layer.

If they are using a microservice, then: Security check API -> return verified data (i.e. re-serialize the verified JSON or XML into byte form, NOT the original input) -> Processing layer, i.e. the userCreate API, uses the verified data.

This is the method we used in fixing the ruby-saml example.

See: https://bsky.app/profile/filippo.abyssdomain.expert/post/3le...
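The "re-serialize the verified data" pattern from the comment above, as an added Python example (not the commenter's code, and not taken from the ruby-saml fix): the check layer parses, validates, and hands the processing layer only canonical bytes of the fields it verified, so the two layers can never disagree about the input. The field names, allowed roles and function names are assumptions for illustration.

```python
import json

# Hypothetical field policy for the example; real services define their own.
ALLOWED_ROLES = {"user", "viewer"}


class VerificationError(ValueError):
    """Raised by the security-check layer when the input is rejected."""


def security_check(raw: bytes) -> bytes:
    """Parse, validate, and RE-SERIALIZE.

    Returns canonical bytes built from the verified object only. The original
    input bytes are never forwarded, so no unverified content (extra keys,
    duplicate keys, odd encodings) can reach the processing layer.
    """
    try:
        doc = json.loads(raw)
    except ValueError as exc:
        raise VerificationError(f"malformed JSON: {exc}") from exc
    if not isinstance(doc, dict):
        raise VerificationError("top-level value must be an object")

    # Project onto exactly the fields that are checked; everything else is dropped.
    verified = {
        "username": doc.get("username"),
        "role": doc.get("role", "user"),
    }
    if not isinstance(verified["username"], str) or not verified["username"]:
        raise VerificationError("username must be a non-empty string")
    if verified["role"] not in ALLOWED_ROLES:
        raise VerificationError(f"role not permitted: {verified['role']!r}")

    # Canonical form: fixed key order, no whitespace, only verified values.
    return json.dumps(verified, sort_keys=True, separators=(",", ":")).encode("utf-8")


def user_create(verified_bytes: bytes) -> dict:
    """Processing layer (the 'userCreate API'): consumes only security_check output."""
    user = json.loads(verified_bytes)
    return {"created": user["username"], "role": user["role"]}


def handle_request(raw: bytes) -> dict:
    """Wire the two layers together; raw input never reaches user_create."""
    return user_create(security_check(raw))
```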