saml-dev message

Subject: RE: [saml-dev] Introduction & Question about the "heaviness" of S AML

From: Neil Gehani <ngehani@us.checkpoint.com>
To: 'Scott Cantor' <cantor.2@osu.edu>,'John Herendeen' <john.herendeen@entegrity.com>,'Adam Theo' <theo@theoretic.com>, 'Mark Wilcox' <mark.wilcox@webct.com>
Date: Wed, 13 Nov 2002 08:04:59 -0800

So we are relying on the application to set the limit for each assertion
sent? When you say "relying site" which one do you mean? Sender or
receiver? Is there a default timeout that can be configured?

-----Original Message-----
From: Scott Cantor [mailto:cantor.2@osu.edu] 
Sent: Wednesday, November 13, 2002 7:50 AM
To: ngehani@us.checkpoint.com; 'John Herendeen'; 'Adam Theo'; 'Mark
Wilcox'
Cc: saml-dev@lists.oasis-open.org
Subject: RE: [saml-dev] Introduction & Question about the "heaviness" of
S AML

>Are the minutes configurable?

It's more or less unspecified. "Long enough to get it from site A to B,
short enough to limit the danger." A relying site has its own policy on
how long a SSO assertion should be valid.

-- Scott

----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>

Follow-Ups:
- RE: [saml-dev] Introduction & Question about the "heaviness" of S AML
  - From: Scott Cantor <cantor.2@osu.edu>

References:
- RE: [saml-dev] Introduction & Question about the "heaviness" of S AML
  - From: Scott Cantor <cantor.2@osu.edu>