Subject: RE: [security-services] SLO processing rules
> Scott, so perhaps the text is slightly misleading. I know that
> the SA rules say SHOULD, however, the initial definition
> (section 3.7 4th paragraph) states that the SA MUST send a
> LogoutRequest to ALL session participants.

The MUST was a mistake that I didn't fix, it was supposed to be a SHOULD because it was a SHOULD everywhere else in the rules before I added this.

> So currently the SHOULD implication in the SA rules really
> applies to the first item (send LogoutRequest to proxying
> IDPs) and the third item (terminate the session at the IDP).
> The second item is a MUST because of the language in 3.7 4th
> paragraph.

All of them are supposed to have the same language regardless.

> In any case, I would propose to the TC to consider the SA
> rules be changed from SHOULD to MUST -- as I think this is
> the actual intent of the single logout in the general case.

I don't know exactly how to resolve the issue in the time allowed.

-- Scott