[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: RE: [saml-dev] session in AuthnStatement
Hello Conor, thank you for your reply. The second question was about whether there is a possibility to store the session index between the subject and the *service provider* instead of between the subject and the identitiy provider. But I think I won't need that any more. Regards, Manuel -------- Original-Nachricht -------- Datum: Mon, 13 Nov 2006 07:34:30 -0800 Von: "Cahill, Conor P" <conor.p.cahill@intel.com> An: "Manuel Ernstberger" <MErnstberger@gmx.de>, saml-dev@lists.oasis-open.org Betreff: RE: [saml-dev] session in AuthnStatement > > > > the SAML2.0 core specification says that the SessionIndex > > attribute is used for the session between a principal and the > > authenticating authority. What is the intention of this > > attribute? Can it be used to find the authenticating authority? > > the intention of this attribute is to be able to differentiate > between different authenticcation sessions of the principal > at the same relying party. > > So a user could be authenticated to the same IdP and visit the > same SP from multiple computers. Each SSO session would be > independent, so when the user logged out from their SSO session > on computer 1, the IdP could send single-logout messages to > the SP without impacting the user's session on computer 2. > > > > And is it possible to save the session between a subject and > > a service provider? Perhaps as an extension in the AuthnContext? > > I'm not sure what you're asking here. The SSO session index is > only used to differentiate between simultaneous independent > SSO sessions with the IdP and not to track any other information > about the session. > > Conor > > --------------------------------------------------------------------- > To unsubscribe, e-mail: saml-dev-unsubscribe@lists.oasis-open.org > For additional commands, e-mail: saml-dev-help@lists.oasis-open.org -- "Ein Herz für Kinder" - Ihre Spende hilft! Aktion: www.deutschlandsegelt.de Unser Dankeschön: Ihr Name auf dem Segel der 1. deutschen America's Cup-Yacht!
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]