[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: safe value for AuthenticationInstant?
i've been perusing the code of an open source implementation of saml 1.1's web sso profile to try and get a grasp on how saml's being implemented by other developers out there. here is a comment that appears in the code at the point where <AuthenticationStatement ... AuthenticationInstant="..." /> is set: "// No one seems to actually care about authn instant so // we'll just set it to [new java.util.Date()...] // until there are some other requirements..." that struck me as a curious comment! i would think that the time a subject was authenticated is hugely important in most cases (to guard against replay, for example). how have developers in this forum used AuthenticationInstant in their projects?
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]