[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [security-services] Proposed DoNotCache Condition
>But the SSO Assertion can contain attribute statements. Since Authorization >decisions may be based on those attributes, it would be nice to know that >they are expected to change soon. However, this is not the use case I am >really interested in. (see below) Ok, but if you think about it, putting other statements in the SSO assertion has some serious problems. The assertion has to be short lived, so it doesn't seem very practical. OTOH, one could embed an additional assertion with different validity in the samlp:Response, and that seems to have the semantics one would want. The SSO assertion is rendered invalid quickly, but the additional data can last however long is proper. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC