OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: 2.3.2.1.1 Validality of bounded assertions


saml-dev -

I need assistance in the interpretation of 2.3.2.1.1 `Attributes
NotBefore and NotOnOrAfter.'

The model: The assertion is submitted to an interactive service and the
assertion bounds are specified NotBefore and NotOnorAfter.  The
assertion is processed within the range (NotBefore,NotOnorAfter).

Question:  NotOnOrAfter is the upper bound of the validity of the
assertion.  Is the upper bound similar to the max_life within DCE
(Distribute Computing Environment), which service is terminated upon
max_life?  In the model, the interactive service would be terminated
upon reaching NotOnOrAfter.

Or is the bounds the period in which the assertion must be verified.
After assertion verification, the bounds are no longer considered.  In
the model, once the assertion is successfully processed, NotOnOrAfter
has no effect on the behavior of the interactive service.

-Thanks

       Tom



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]