Subject: RE: [saml-dev] Introduction & Question about the "heaviness" of SAML
> So we are relying on the application to set the limit for
> each assertion sent?

If it's an application that's managing the SSO process, then yes. Otherwise it's probably a SSO module of some sort at the target that manages SSO on behalf of multiple applications. There is only one SSO assertion to get a session established, it's not a constant process.

The point is, protection against clock skew is balanced against the desire for the SSO assertion to be short-lived, and the profile doesn't say what you have to decide. An hour is clearly wrong, but five minutes might be considered too short by some.

> When you say "relying site" which one do you mean? Sender or receiver?

The receiver of a SSO assertion (the target) is the one relying on the assertion.

> Is there a default timeout that can be configured?

I'm sure most implementations do (mine is currently not even configurable in its beta form), but that's not part of the spec.

-- Scott
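The receiver-side decision discussed in this message, sketched as an added example that is not part of the original post or of any implementation mentioned in it. The skew and lifetime values, the function names and the sample assertion are assumptions made for illustration; the check also assumes the assertion's signature has already been verified.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.x assertion namespace

# Receiver-side policy (assumed values; the profile leaves both to the relying site).
ALLOWED_SKEW = timedelta(minutes=3)
MAX_LIFETIME = timedelta(minutes=5)

# Constructed sample assertion, trimmed to the Conditions element.
SAMPLE = f"""<Assertion xmlns="{SAML_NS}" AssertionID="example-1">
  <Conditions NotBefore="2002-06-01T12:00:00Z" NotOnOrAfter="2002-06-01T12:05:00Z"/>
</Assertion>"""

def _parse_utc(value):
    # This sketch accepts UTC timestamps with whole seconds and a trailing Z.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_validity(assertion_xml, now, skew=ALLOWED_SKEW, max_lifetime=MAX_LIFETIME):
    """Return (accepted, reason) for the assertion's validity window at time `now`."""
    cond = ET.fromstring(assertion_xml).find(f"{{{SAML_NS}}}Conditions")
    if cond is None or "NotBefore" not in cond.attrib or "NotOnOrAfter" not in cond.attrib:
        return False, "missing validity window"
    not_before = _parse_utc(cond.attrib["NotBefore"])
    not_on_or_after = _parse_utc(cond.attrib["NotOnOrAfter"])
    if not_on_or_after <= not_before:
        return False, "empty validity window"
    # The receiver's own cap: an issuer-chosen window of an hour is rejected
    # whatever the current time is.
    if not_on_or_after - not_before > max_lifetime:
        return False, "lifetime exceeds receiver policy"
    # Skew widens the window on both sides, trading replay exposure for tolerance.
    if now + skew < not_before:
        return False, "not yet valid"
    if now - skew >= not_on_or_after:
        return False, "expired"
    return True, "ok"

if __name__ == "__main__":
    at = datetime(2002, 6, 1, 12, 7, tzinfo=timezone.utc)
    print(check_validity(SAMPLE, at))  # two minutes past expiry, inside the skew allowance
```

With a three-minute allowance, a five-minute assertion is accepted for up to eleven minutes of wall-clock time at the receiver, which is the trade-off the message describes.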