[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] handling of multiple SP logout
robert.philpott@rsa.com wrote on 2009-08-03: > See below, but I think we could have an issue in defining the "correct" > behavior here w.r.t passing or failing a conformance test... I don't think you can require anything here because the SP isn't required to remember a session once it's locally terminated. > The spec isn't really precise on this use case. I personally think it's > best to pretend it worked and send "success" because of the spec wording > related to #2 below... For the user experience, you absolutely SHOULD do that, but you can't require it. > To be more precise, the "IdP action" Scott is referring to is whether > the IdP is able log out the user's session at the IdP. It is not > related to what happens at any of the SP's. Right. > Of course if the IdP receives an error from an SP due to item #1 above, > technically it has to report back a "PartialLogout" second-level status > to the SP that originated the LogoutRequest. Right. That's all spelled out, is my point. Could be clearer, but I don't think "clear" and "logout" really belong in the same sentence. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]