[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] SessionIndex and Privacy Text
Conor wrote: > Hmm... Thinking about this, we could just move to using the > assertion ID since storing that value at the SP is little > different than storing the session index and for the IDP, > they probably keep track of the assertion IDs that they have > issued at least for the lifetime of the assertion. > > If we did use the Assertion ID, we could simply get rid of > the session index. I advocated this approach at least as far back as the second F2F meeting, mostly because nobody could supply text for SessionIndex that captured the options we wanted to communicate. What you suggested is probably as good as anything I've seen so far. My recollection is that people didn't want to use AssertionID because it required some additional tracking of some sort, but I don't recall exactly what. The f2f notes might have a record of the discussion. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]