[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Comments on Core 13 & Profiles 08aroundSubjectConfirmationData
> 1) a subject confirm themselves to an assertion that is not > yet valid? > 2) a subject confirm themselves to an assertion that was > valid but has since expired? I'll defer to other opinions, but my take was to say nothing and view them as independent issues. It seems unlikely that any use case for confirming outside of the assertion validity period exists, but I didn't see a strong need to call this out. The SSO profile needs to explicitly note that "the assertion MUST be valid", and "the bearer MUST be able to satisfy the confirmation method", which includes the time window... Other opinions? -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]