Subject: [Issue] DoNotCache
It has been suggested that there should be a way in SAML to specify that an assertion is currently valid, but should not be cached for later use. This should not depend on the particular amount of variation between clocks in the network.

For example, a PDP may wish to indicate to a PEP that it should make a new request for every authorization decision. For example, its policy may be subject to change at frequent and unpredictable intervals. It would be desirable to have a SAML-specified convention for doing this.

This may interact with the position taken on clock skew. For example, if SAML takes no position on clock skew, the PDP may have to set the NotAfter value to some time in the future to ensure that it is not considered expired by the PEP.

Potential Resolutions:

1. SAML will specify some combination of settings of the IssueInstant and ValidityInterval to mean that the assertion should not be cached. For example, setting all three datetime fields to the same value could be deemed to indicate this.

2. SAML will add an additional element to either Assertions or Responses to indicate the assertion should not be cached.

3. SAML will provide no way to indicate that an Assertion should not be cached.
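A sketch of how a PEP could apply resolutions 1 and 2 above, added here as an example and not part of the original message or of any SAML specification. The `not_before` field name, the `do_not_cache` flag, the `honor_marker` switch and the sample times are assumptions, as is the rule that a marked assertion is accepted only for the request that fetched it.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Assertion:
    issue_instant: datetime
    not_before: datetime        # assumed name of the third datetime field
    not_after: datetime
    do_not_cache: bool = False  # hypothetical explicit element (resolution 2)

def is_marked(a):
    """Resolution 2: explicit flag. Resolution 1: all three datetimes equal."""
    return a.do_not_cache or (a.issue_instant == a.not_before == a.not_after)

def pep_decision(a, now, skew=timedelta(0), honor_marker=True):
    """Return (usable_now, cache_until) for an assertion the PEP just received.

    cache_until is None when the assertion must not be stored for reuse.
    honor_marker=False models resolution 3 (no convention defined).
    """
    if honor_marker and is_marked(a):
        # The marker does not depend on clocks: use once, never cache.
        return True, None
    usable = a.not_before - skew <= now <= a.not_after + skew
    return usable, (a.not_after if usable else None)

# Constructed sample: PDP issues at T, PEP clock runs 90 seconds ahead.
T = datetime(2001, 6, 1, 12, 0, 0, tzinfo=timezone.utc)
PEP_NOW = T + timedelta(seconds=90)
MARKED = Assertion(T, T, T)                         # resolution 1 marker
PADDED = Assertion(T, T, T + timedelta(minutes=5))  # NotAfter pushed out
FLAGGED = Assertion(T, T, T + timedelta(minutes=5), do_not_cache=True)

if __name__ == "__main__":
    cases = [
        ("marker honored", MARKED, True),
        ("marker, no convention", MARKED, False),
        ("padded NotAfter", PADDED, False),
        ("explicit flag", FLAGGED, True),
    ]
    for label, a, honor in cases:
        print(label, pep_decision(a, PEP_NOW, honor_marker=honor))
```

Without a convention, the zero-width window looks expired to the PEP whose clock is ahead, and padding NotAfter to survive the skew leaves the PEP free to reuse the assertion for five minutes.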