Subject: FW: Issue Group 3 changes
> -----Original Message-----
> From: Pilz, Gilbert [mailto:gpilz@jamcracker.com]
> Sent: Tuesday, April 03, 2001 5:35 PM
> To: Darren Platt
> Subject: Issue Group 3 changes
>
> Darren,
>
> Attached are my changes to Issue Group 3. I wasn't sure if you wanted me to
> circulate this to the entire Use-Case list or what.
ISSUE:[UC-3-03:Logout] Should SAML support transfer of information
about application-level logouts (e.g., a principal intentionally
ending a session) from the application to the Session Authority?

Candidate Requirement:
[CR-3-3-Logout] SAML shall support a message format to
indicate the end of an application-level session due to
logout by the principal.

Note that this requirement is implied by Scenario 1-3 (the second
scenario 1-3 in straw man 3 - oops). This issue seeks to clarify the
document by making the requirement explicit.

Possible Resolutions:
1. Add this requirement to SAML.
2. Do not add this requirement to SAML.

ISSUE:[UC-3-05:SessionTimeout] For managing SAML user sessions, it
may be useful to have a way to indicate that the SAML-level session is
no longer valid. The logout requirement would invalidate a session
based on user input. This requirement, for timeout, would invalidate
the SAML-level session based on other factors, such as when the user
has not used any of the SAML-level session's constituent application-level
sessions for more than a set amount of time.

Candidate requirement:
[CR-3-5-Timeout] SAML shall support a message format for
timeout of a SAML-level session. Here, "timeout" is defined
as the ending of a SAML-level session by a security system
not based on user input. For example, if the user has not used
any of the application-level sub-sessions for a set amount of
time, the session may be considered "timed out."

Note that this requirement is implied by Scenario 1-3, figure 6,
specifically the last message labeled 'optionally delete/revoke session'.
This issue seeks to clarify the document by making the requirement
explicit.

Possible Resolutions:
1. Add this requirement to SAML.
2. Do not add this requirement and/or use cases.

ISSUE:[UC-3-06:DestinationLogout] Should logging out of an individual
application-level session be supported? Advantage: allows application
Web sites control over their local domain consistent with the model
most widely implemented on the web. Disadvantage: potentially more
interactions between the application and the Session Authority.

In this scenario a Session Authority is managing a SAML-level session
that includes an application-level session maintained by the destination
Web site. The user invokes a logout event on the destination Web site,
which invalidates the application-level session. The destination
Web site passes this information back to the Session Authority.

[DestinationLogout.png]
Figure X: Destination Logout

Steps:
1. User initiates a logout event on the destination Web site.
2. Destination Web site invalidates the application-level session and
notifies the Session Authority.

Candidate Requirement:
[CR-3-6-DestinationLogout] The SAML model for session
management shall support logout initiated by the user at
a destination site, that is, a site other than the one where
the session was initiated.

Possible Resolutions:
1. Add this scenario and requirement to SAML.
2. Do not add this scenario or requirement.

ISSUE:[UC-3-8:DestinationTimeout] Having the Session Authority
determine the timeout of a session is covered under [UC-3-5].
This issue covers the manner and extent to which systems
participating in that session can initiate and control the timeout
of their own sessions.

In this scenario a Session Authority is managing a SAML-level session
that includes an application-level session maintained by the destination
Web site. The user's application-level session times out on the
destination Web site, and the destination consults with the Session
Authority to determine if the application-level session should be
terminated.

[DestinationTimeout.png]
Figure X: Destination Timeout.

Steps:
1. Based on an internal timer, the destination Web site determines
that the user's application-level session has expired.
2. The destination Web site requests information on the session from
the Session Authority to determine if the SAML-level session has
other, active application-level sessions elsewhere.
3. Based on domain-specific policy the destination Web site either:
  a.) leaves the application-level session untouched (thus deferring
  all control to the Session Authority)
  b.) terminates the application-level session (thus rejecting any
  control by the Session Authority) and sends a message to the
  Session Authority informing the Session Authority that this
  application-level session is no longer active
  c.) extends the application-level session by some pre-determined
  "grace period" (compromise between 'a' and 'b')

Candidate requirement:
[CR-3-8-DestinationTimeout] SAML shall support destination
system timeout.

Possible Resolutions:
1. Add this scenario and requirement to SAML.
2. Do not add this scenario or requirement.
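As an added illustration (not part of the original message or of any SAML specification), the following model walks through the exchanges in UC-3-05, UC-3-06 and UC-3-8: a Session Authority tracks a SAML-level session and its application-level sub-sessions, a destination site reports a logout, and on a local timer expiry the destination queries the Session Authority and applies policy a, b or c. All class, method and site names are assumptions chosen for the example.

```python
from dataclasses import dataclass, field
# Constructed model of the UC-3-05/UC-3-06/UC-3-8 exchanges; names are assumptions, not SAML definitions.

@dataclass
class AppSession:
    site: str
    last_activity: float      # seconds; callers pass `now` rather than reading a clock
    active: bool = True
    grace_until: float = 0.0  # set by policy (c) in destination_timeout

@dataclass
class SamlSession:
    principal: str
    app_sessions: dict = field(default_factory=dict)
    active: bool = True

class SessionAuthority:
    def __init__(self, idle_timeout: float):
        self.idle_timeout = idle_timeout
        self.sessions: dict = {}
    def start(self, sid, principal):                  # SAML-level session created
        self.sessions[sid] = SamlSession(principal)
    def join(self, sid, site, now):                   # a site adds an application-level sub-session
        self.sessions[sid].app_sessions[site] = AppSession(site, now)
    def app_session_ended(self, sid, site):           # CR-3-6 / policy (b): destination reports logout
        self.sessions[sid].app_sessions[site].active = False
    def other_active(self, sid, site):                # UC-3-8 step 2: answer the destination's query
        return sorted(a.site for a in self.sessions[sid].app_sessions.values()
                      if a.active and a.site != site)
    def check_timeout(self, sid, now):                # CR-3-5: end the session without user input
        s = self.sessions[sid]
        idle = all(not a.active or now - a.last_activity > self.idle_timeout
                   for a in s.app_sessions.values())
        if s.active and idle:
            s.active = False
            for a in s.app_sessions.values():
                a.active = False
        return s.active

def destination_timeout(sa, sid, site, now, policy, grace):
    """UC-3-8: the local timer at `site` fired; consult the SA, then apply policy a/b/c."""
    app = sa.sessions[sid].app_sessions[site]
    if app.grace_until > now:                         # still inside an earlier grace period
        return None
    choice = policy(sa.other_active(sid, site))       # step 3: domain-specific decision
    if choice == "b":                                 # terminate locally and tell the SA
        sa.app_session_ended(sid, site)
    elif choice == "c":                               # extend by a pre-determined grace period
        app.grace_until = now + grace
    return choice                                     # "a" leaves the sub-session untouched
```

The `policy` callable stands in for the "domain-specific policy" of step 3; it receives the list of other active sites returned by the Session Authority and answers "a", "b" or "c".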