saml-dev message

Subject: Re: [saml-dev] Multiple AuthnStatements in Assertion

From: "Cantor, Scott" <cantor.2@osu.edu>
To: "Davis, Peter" <Peter.Davis@neustar.biz>, Rob Philpott <robert.philpott@rsa.com>
Date: Wed, 12 Feb 2014 15:04:16 +0000

On 2/12/14, 9:19 AM, "Davis, Peter" <Peter.Davis@neustar.biz> wrote:

>I have worked on one large (15M) consumer-facing federation were this was
>critically important. One AuthNStatement was used for session management
>(session federation), and the second was used for delegation. They were
>separate because the durability of the delegation exceeded the durability
>of the session (different NotOnOrAfter values, among other distinctions).

That's also non-standard, which really illustrates the point I'm trying to
make. For the most part, delegation is simple to express using assertion
lifetime, separately from the SSO lifetime window, which is much shorter
and controlled with subject confirmation.

-- Scott

References:
- Multiple AuthnStatements in Assertion
  - From: Vasu Y <vyal2k@yahoo.com>
- Re: [saml-dev] Multiple AuthnStatements in Assertion
  - From: "Cantor, Scott" <cantor.2@osu.edu>
- Re: [saml-dev] Multiple AuthnStatements in Assertion
  - From: Will Hartung <willh@mirthcorp.com>
- Re: [saml-dev] Multiple AuthnStatements in Assertion
  - From: "Cantor, Scott" <cantor.2@osu.edu>
- Re: [saml-dev] Multiple AuthnStatements in Assertion
  - From: "Philpott, Robert" <robert.philpott@rsa.com>
- Re: [saml-dev] Multiple AuthnStatements in Assertion
  - From: "Davis, Peter" <Peter.Davis@neustar.biz>