Subject: Re: [saml-dev] the value of AuthnInstant
Hmm, does this qualify as errata then?

Tom

On Feb 11, 2008 11:23 AM, Ari Kermaier <ari.kermaier@oracle.com> wrote:
> I would guess that either most IdPs get it right or most SPs don't check. Also, implementers probably wonder (as I guess you did) what the difference is between Assertion IssueInstant and AuthnStatement AuthnInstant.
>
> ::Ari
>
> > -----Original Message-----
> > From: Tom Scavo [mailto:trscavo@gmail.com]
> > Sent: Thursday, February 07, 2008 8:23 PM
> > To: Eve Maler
> > Cc: SAML Developers
> > Subject: Re: [saml-dev] the value of AuthnInstant
> >
> > Thanks, Eve. I wasn't sure.
> >
> > Thinking out loud, I wonder how many implementations get this right?
> >
> > Tom
> >
> > On Feb 7, 2008 7:48 PM, Eve Maler <Eve.Maler@sun.com> wrote:
> > > It's t1, isn't it? One assertion, issued at time t2, and another, issued at time t4, will both indicate that the user authenticated at time t1 -- assuming that authn session is still good, of course (e.g., re-authn isn't being forced).
> > >
> > > Eve
> > >
> > > On Feb 7, 2008, at 4:04 PM, Tom Scavo wrote:
> > >
> > > > Suppose a user presents an AuthnRequest to an IdP at time t0. Since the user has no security context initially, the IdP challenges the user to authenticate, which the user does successfully (at time t1). So the IdP issues an assertion (at time t2), which the user transmits to the SP via the browser.
> > > >
> > > > At some later time t3, the user presents another AuthnRequest to the IdP. Since the user already has a security context, the IdP does not challenge the user to authenticate, but rather issues an assertion (at time t4), which again the user transmits to the SP.
> > > >
> > > > Question: What is the value of AuthnInstant in the second assertion?
> > > >
> > > > Thanks,
> > > > Tom
> > >
> > > Eve Maler +1 425 947 4522
> > > Principal Engineer eve.maler @ sun.com
> > > Business Alliances group Sun Microsystems, Inc.
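
As an added illustration (not part of the thread, and not code from any implementation mentioned in it), here is an SP-side check that measures authentication age from AuthnStatement AuthnInstant (t1) rather than Assertion IssueInstant (t4). The assertion, its timestamps, the issuer URL and the one-hour policy are constructed for the example, and signature validation is assumed to have happened already.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the thread's second assertion (issued at t4, user authenticated at t1).
SECOND_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2008-02-07T12:00:05Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:AuthnStatement AuthnInstant="2008-02-07T09:00:00Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>
"""

def parse_instant(value):
    """Parse a UTC xs:dateTime as SAML uses it (fractional seconds optional)."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S.%fZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"not a UTC instant: {value!r}")

def instants(assertion_xml):
    """Return (IssueInstant, AuthnInstant); input is assumed already signature-verified."""
    root = ET.fromstring(assertion_xml)
    stmt = root.find("saml:AuthnStatement", NS)
    if stmt is None or "AuthnInstant" not in stmt.attrib:
        raise ValueError("assertion carries no AuthnInstant")
    return parse_instant(root.attrib["IssueInstant"]), parse_instant(stmt.attrib["AuthnInstant"])

def authn_is_fresh(assertion_xml, now, max_age):
    """True only if the user's actual authentication (t1) is within max_age."""
    _, authn = instants(assertion_xml)
    return now - authn <= max_age

def naive_is_fresh(assertion_xml, now, max_age):
    """The mistake: measuring from IssueInstant (t4) hides an old SSO session."""
    issued, _ = instants(assertion_xml)
    return now - issued <= max_age

if __name__ == "__main__":
    now = datetime(2008, 2, 7, 12, 0, 10, tzinfo=timezone.utc)  # SP receives it just after t4
    limit = timedelta(hours=1)  # hypothetical SP policy on authentication age
    print(naive_is_fresh(SECOND_ASSERTION, now, limit), authn_is_fresh(SECOND_ASSERTION, now, limit))
```

With the constructed values, the IssueInstant-based check accepts the assertion while the AuthnInstant-based check rejects it, because the underlying authentication is three hours old.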