[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] Re: Clock Synchronization bwtween IDP and SP
NTP…. both should sync their clocks to a good network time
source. At the same time, the IdP should not depend upon exact
synchronization and allow for some clock drift as well as propagation delay in its
calculations (e.g. don’t depend upon the SP receiving the assertion
within milliseconds of the IdP issuing it). I tend to
assume that clocks can be as much as 5 minutes off in my calculations. If such a time synchronization drift is not acceptable in your
deployment, you need to ensure through out of band policy that all parties
maintain good time synchronization with well synced clocks (if not the same
clock source). Conor From: Siddhartha
Purkayastha [mailto:kpsiddharth@gmail.com] I figured the SAML response is
totally based on the IDP clock. This means that there should be an explicit way
to achieve clock synchronization between the IDP and SP. 2009/3/30 Siddhartha Purkayastha <kpsiddharth@gmail.com> Hello All, |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]