[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: safe value for AuthenticationInstant?
i've been perusing the code of an open source implementation of
saml 1.1's web sso profile to try and get a grasp on how saml's
being implemented by other developers out there. here is a comment
that appears in the code at the point where
<AuthenticationStatement ... AuthenticationInstant="..." /> is
set:
"// No one seems to actually care about authn instant so
// we'll just set it to [new java.util.Date()...]
// until there are some other requirements..."
that struck me as a curious comment! i would think that the time a
subject was authenticated is hugely important in most cases (to
guard against replay, for example). how have developers in this
forum used AuthenticationInstant in their projects?
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]