OASIS Mailing List Archives

saml-dev message



Subject: RE: [saml-dev] Introduction & Question about the "heaviness" of SAML


> So we are relying on the application to set the limit for 
> each assertion sent?

If it's an application that's managing the SSO process, then yes.
Otherwise it's probably a SSO module of some sort at the target that
manages SSO on behalf of multiple applications.

There is only one SSO assertion to get a session established; it's not a
constant process. The point is, protection against clock skew is
balanced against the desire for the SSO assertion to be short-lived, and
the profile doesn't say what you have to decide. An hour is clearly
wrong, but five minutes might be considered too short by some.

> When you say "relying site" which one do you mean? Sender or receiver?

The receiver of a SSO assertion (the target) is the one relying on the
assertion.

> Is there a default timeout that can be configured?

I'm sure most implementations do (mine is currently not even
configurable in its beta form), but that's not part of the spec.

-- Scott
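
The trade-off described in the message above, shown as an added example that is not part of the original post or of any implementation it mentions: a receiver-side check that tolerates clock skew on the assertion's validity window while still applying its own cap on assertion age. The function name, the 3-minute skew, the 5-minute cap and the sample assertion are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:1.0:assertion"}

# Constructed sample: an unsigned SAML 1.x-style assertion fragment.
# Real input is untrusted: verify the signature and use a hardened XML
# parser before reaching this check.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    IssueInstant="2002-11-05T17:00:00Z">
  <saml:Conditions NotBefore="2002-11-05T17:00:00Z"
                   NotOnOrAfter="2002-11-05T17:05:00Z"/>
</saml:Assertion>"""


def _ts(value):
    """Parse a UTC xsd:dateTime of the form YYYY-MM-DDThh:mm:ssZ."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_sso_assertion(xml_text, now, skew=timedelta(minutes=3),
                        max_age=timedelta(minutes=5)):
    """Return (ok, reason). skew and max_age are receiver policy (hypothetical defaults)."""
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", NS)
    issue_instant = root.get("IssueInstant")
    if cond is None or issue_instant is None or "NotOnOrAfter" not in cond.attrib:
        return False, "no validity window"
    issued = _ts(issue_instant)
    not_before = _ts(cond.get("NotBefore", issue_instant))
    not_after = _ts(cond.attrib["NotOnOrAfter"])
    # Widen the sender's window by the skew allowance on both ends.
    if now + skew < not_before:
        return False, "not yet valid"
    if now - skew >= not_after:
        return False, "expired"
    # The receiver's own cap applies even if the sender wrote a long window.
    if now - skew >= issued + max_age:
        return False, "older than receiver limit"
    return True, "ok"


if __name__ == "__main__":
    now = datetime(2002, 11, 5, 17, 7, tzinfo=timezone.utc)
    print(check_sso_assertion(SAMPLE, now))
```

With these defaults, an assertion whose sender-supplied window runs for an hour is still rejected once it is older than the receiver's cap plus the skew allowance.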


