OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Session assertion example


Title: Session assertion example

Colleagues - During the report of the Protocols sub-committee in our meeting last week in Burlington, Steve F asked for a familiar example of the use of a "session assertion".  I had no ready answer.  Bob B offered one suggestion.  Then, in a conversation with Phill HB on the following Monday, it became clear that the humble "cookie" is, in fact, a good familiar example.

If a user engages in certain steps of a business process at one site, and then has to be transferred to a second site to complete the process, then the session assertion would be the way to convey the results of the initial steps from the first site to the second.  A cookie is one way (with limitations) that one might do this today.  In an SAML implementation, one would use the session assertion to overcome the limitations of the cookie.

Hope this helps.  Best regards.  Tim.

---------------------------------------------------------------------------------------
Tim Moses
Tel: 613.270.3183



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC