Subject: FW: Issue Group 3 changes
> -----Original Message-----
> From: Pilz, Gilbert [mailto:gpilz@jamcracker.com]
> Sent: Tuesday, April 03, 2001 5:35 PM
> To: Darren Platt
> Subject: Issue Group 3 changes
>
>
> Darren,
>
> Attached are my changes to Issue Group 3. I wasn't sure if you wanted me to
> circulate this to the entire Use-Case list or what.
>
ISSUE: [UC-3-03:Logout]

Should SAML support transfer of information about application-level logouts (e.g., a principal intentionally ending a session) from the application to the Session Authority?

Candidate Requirement: [CR-3-3-Logout] SAML shall support a message format to indicate the end of an application-level session due to logout by the principal.

Note that this requirement is implied by Scenario 1-3 (the second scenario 1-3 in straw man 3 - oops). This issue seeks to clarify the document by making the requirement explicit.

Possible Resolutions:
1. Add this requirement to SAML.
2. Do not add this requirement to SAML.

ISSUE: [UC-3-05:SessionTimeout]

For managing SAML User Sessions, it may be useful to have a way to indicate that the SAML-level session is no longer valid. The logout requirement would invalidate a session based on user input. This requirement, for timeout, would invalidate the SAML-level session based on other factors, such as when the user has not used any of the SAML-level session's constituent application-level sessions for more than a set amount of time.

Candidate Requirement: [CR-3-5-Timeout] SAML shall support a message format for timeout of a SAML-level session. Here, "timeout" is defined as the ending of a SAML-level session by a security system not based on user input. For example, if the user has not used any of the application-level sub-sessions for a set amount of time, the session may be considered "timed out."

Note that this requirement is implied by Scenario 1-3, figure 6, specifically the last message labeled 'optionally delete/revoke session'. This issue seeks to clarify the document by making the requirement explicit.

Possible Resolutions:
1. Add this requirement to SAML.
2. Do not add this requirement and/or use cases.

ISSUE: [UC-3-06:DestinationLogout]

Should logging out of an individual application-level session be supported?

Advantage: allows application Web sites control over their local domain consistent with the model most widely implemented on the web.
Disadvantage: potentially more interactions between the application and the Session Authority.

In this scenario a Session Authority is managing a SAML-level session that includes an application-level session maintained by the destination Web site. The user invokes a logout event on the destination Web site, which invalidates the application-level session. The destination Web site passes this information back to the Session Authority.

[DestinationLogout.png] Figure X: Destination Logout

Steps:
1. User initiates a logout event on the destination Web site.
2. Destination Web site invalidates the application-level session and notifies the Session Authority.

Candidate Requirement: [CR-3-6-DestinationLogout] The SAML model for session management shall support logout initiated by the user at a destination site, that is, a site other than the one where the session was initiated.

Possible Resolutions:
1. Add this scenario and requirement to SAML.
2. Do not add this scenario or requirement.

ISSUE: [UC-3-8:DestinationTimeout]

Having the Session Authority determine the timeout of a session is covered under [UC-3-5]. This issue covers the manner and extent to which systems participating in that session can initiate and control the timeout of their own sessions.

In this scenario a Session Authority is managing a SAML-level session that includes an application-level session maintained by the destination Web site. The user's application-level session times out on the destination Web site, and the destination consults with the Session Authority to determine if the application-level session should be terminated.

[DestinationTimeout.png] Figure X: Destination Timeout

Steps:
1. Based on an internal timer, the destination Web site determines that the user's application-level session has expired.
2. The destination Web site requests information on the session from the Session Authority to determine if the SAML-level session has other, active application-level sessions elsewhere.
3. Based on domain-specific policy the destination Web site either:
   a.) leaves the application-level session untouched (thus deferring all control to the Session Authority)
   b.) terminates the application-level session (thus rejecting any control by the Session Authority) and sends a message to the Session Authority informing the Session Authority that this application-level session is no longer active
   c.) extends the application-level session by some pre-determined "grace period" (compromise between 'a' and 'b')

Candidate Requirement: [CR-3-8-DestinationTimeout] SAML shall support destination system timeout.

Possible Resolutions:
1. Add this scenario and requirement to SAML.
2. Do not add this scenario or requirement.
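As an added example (not part of the forwarded attachment or of any SAML specification), the following Python models the relationships the four issues describe: a Session Authority tracking a SAML-level session and its constituent application-level sessions, a site reporting logout (UC-3-03 / UC-3-06), authority-side timeout (UC-3-05), and the three destination-timeout policies of UC-3-08 step 3. All class and function names, the idle limit and the grace period are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class SamlSession:
    """A SAML-level session and its constituent application-level sessions."""
    principal: str
    active: bool = True
    app_sessions: dict = field(default_factory=dict)  # site -> last activity time

class SessionAuthority:
    def __init__(self, idle_limit):
        self.idle_limit = idle_limit   # constructed authority-side idle policy (seconds)
        self.sessions = {}

    def add_app_session(self, sid, principal, site, now):
        s = self.sessions.setdefault(sid, SamlSession(principal))
        s.app_sessions[site] = now

    def end_app_session(self, sid, site):
        """CR-3-3 / CR-3-6: a site reports that its application-level session ended."""
        s = self.sessions[sid]
        s.app_sessions.pop(site, None)
        if not s.app_sessions:      # no constituent sessions left: SAML-level session ends
            s.active = False

    def other_active_sessions(self, sid, site, now):
        """UC-3-08 step 2: sites other than the asker whose sub-session is not idle."""
        s = self.sessions[sid]
        return [o for o, t in s.app_sessions.items()
                if o != site and now - t <= self.idle_limit]

    def timeout_check(self, sid, now):
        """CR-3-5: authority-driven timeout once every sub-session has gone idle."""
        s = self.sessions[sid]
        if s.active and all(now - t > self.idle_limit for t in s.app_sessions.values()):
            s.active = False
        return s.active

def destination_timeout(authority, sid, site, now, policy, grace=300):
    """UC-3-08 step 3: the destination's own timer fired; consult the authority, apply policy."""
    others = authority.other_active_sessions(sid, site, now)
    if policy == "a":               # leave untouched; defer all control to the Session Authority
        return {"action": "kept", "others": others}
    if policy == "b":               # terminate locally and notify the Session Authority
        authority.end_app_session(sid, site)
        return {"action": "terminated", "others": others}
    if policy == "c":               # compromise: extend by a pre-determined grace period
        return {"action": "extended", "local_expiry": now + grace, "others": others}
    raise ValueError(f"unknown policy {policy!r}")
```

The SAML-level session only becomes inactive once its last constituent application-level session has been reported ended or has gone idle, which is the distinction the logout and timeout requirements draw.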