[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: HoK Web SSO Profile and security context
Section 2.4 of the HoK Web SSO Profile discusses using the public or session key to create a security context. However, I don't understand how this security context should be manifested. For example, does this mean that the application-layer session (e.g. cookie state) can be substituted by transport (TLS) based session? Or does it mean that transport-derived crypto material/ state can be used to mint bearer-aware cookies for the application session? Or does it mean something else entirely? Thanks, josh.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]