[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] Multiple AuthnStatements in Assertion
On 2/12/14, 9:19 AM, "Davis, Peter" <Peter.Davis@neustar.biz> wrote: >I have worked on one large (15M) consumer-facing federation were this was >critically important. One AuthNStatement was used for session management >(session federation), and the second was used for delegation. They were >separate because the durability of the delegation exceeded the durability >of the session (different NotOnOrAfter values, among other distinctions). That's also non-standard, which really illustrates the point I'm trying to make. For the most part, delegation is simple to express using assertion lifetime, separately from the SSO lifetime window, which is much shorter and controlled with subject confirmation. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]