OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: RE: [saml-dev] session in AuthnStatement

Hello Conor,

thank you for your reply. 

The second question was about whether there is a possibility to store the session index between the subject and the *service provider* instead of between the subject and the identitiy provider. But I think I won't need that any more.

Regards,
Manuel


-------- Original-Nachricht --------
Datum: Mon, 13 Nov 2006 07:34:30 -0800
Von: "Cahill, Conor P" <conor.p.cahill@intel.com>
An: "Manuel Ernstberger" <MErnstberger@gmx.de>, saml-dev@lists.oasis-open.org
Betreff: RE: [saml-dev] session in AuthnStatement

>  
> 
> > the SAML2.0 core specification says that the SessionIndex 
> > attribute is used for the session between a principal and the 
> > authenticating authority. What is the intention of this 
> > attribute? Can it be used to find the authenticating authority?
> 
> the intention of this attribute is to be able to differentiate
> between different authenticcation sessions of the principal 
> at the same relying party.   
> 
> So a user could be authenticated to the same IdP and visit the
> same SP from multiple computers.  Each SSO session would be 
> independent, so when the user logged out from their SSO session
> on computer 1, the IdP could send single-logout messages to 
> the SP without impacting the user's session on computer 2.
> 
> 
> > And is it possible to save the session between a subject and 
> > a service provider? Perhaps as an extension in the AuthnContext?
> 
> I'm not sure what you're asking here.  The SSO session index is
> only used to differentiate between simultaneous independent 
> SSO sessions with the IdP and not to track any other information
> about the session.
> 
> Conor
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: saml-dev-unsubscribe@lists.oasis-open.org
> For additional commands, e-mail: saml-dev-help@lists.oasis-open.org

-- 
"Ein Herz für Kinder" - Ihre Spende hilft! Aktion: www.deutschlandsegelt.de
Unser Dankeschön: Ihr Name auf dem Segel der 1. deutschen America's Cup-Yacht!

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]