Subject: Comments on ISSUE:[UC-3-05:SessionTimeout]
The session timeout requirement explicitly calls for a SAML message to indicate the timeout. There are other possible implementations of timeout; do we want to specifically require a form of timeout handling that requires communication between the parties?

As an example, session timeout could be implemented by creating session assertions with a relatively short lifetime; when that lifetime expires, the user is redirected back to the session authority to get an updated session assertion (and presumably then redirected back to the intended destination). If the user session really has timed out, the session authority forces the user to log in again before issuing a new session assertion.

I'd like to see the words "a message format for" removed from the candidate requirement. I think it's enough for us to require some sort of timeout support, without specifically calling for a message.

- irving -
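
The timeout scheme described in the message above, modeled as an added example (it is not part of the original post and is not taken from any SAML specification). All names, the two time limits, and the choice to measure the session limit from the last refresh at the authority are assumptions made for illustration; redirects are modeled as plain function calls.

```python
from dataclasses import dataclass

ASSERTION_LIFETIME = 300  # seconds a session assertion stays valid (assumed value)
SESSION_LIMIT = 1800      # seconds since last refresh before re-login (assumed value)


@dataclass(frozen=True)
class SessionAssertion:
    user: str
    not_on_or_after: float  # expiry instant checked by the destination site


class SessionAuthority:
    def __init__(self):
        self._last_seen = {}  # user -> time the session was last refreshed

    def login(self, user, now):
        """Interactive authentication; starts or restarts the session."""
        self._last_seen[user] = now
        return SessionAssertion(user, now + ASSERTION_LIFETIME)

    def refresh(self, user, now):
        """User arrives with an expired assertion. Returns a new assertion,
        or None when the session itself has timed out (login required)."""
        last = self._last_seen.get(user)
        if last is None or now - last >= SESSION_LIMIT:
            self._last_seen.pop(user, None)
            return None
        self._last_seen[user] = now
        return SessionAssertion(user, now + ASSERTION_LIFETIME)


def destination_accepts(assertion, now):
    """Destination site: a purely local expiry check, no timeout message."""
    return now < assertion.not_on_or_after


def access(authority, assertion, now):
    """One request. Returns (outcome, assertion to present next time)."""
    if destination_accepts(assertion, now):
        return "served", assertion
    renewed = authority.refresh(assertion.user, now)  # redirect to authority
    if renewed is None:
        return "login-required", None
    return "served-after-refresh", renewed            # redirect back
```

The destination site never receives a timeout notification; it only learns of the timeout because the authority declines to issue a fresh assertion.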