OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [saml-dev] the value of AuthnInstant

It's t1, isn't it?  One assertion, issued at time t2, and another,  
issued at time t4, will both indicate that the user authenticated at  
time t1 -- assuming that authn session is still good, of course (e.g.,  
re-authn isn't being forced).


On Feb 7, 2008, at 4:04 PM, Tom Scavo wrote:

> Suppose a user presents an AuthnRequest to an IdP at time t0.  Since
> the user has no security context initially, the IdP challenges the
> user to authenticate, which the user does successfully (at time t1).
> So the IdP issues an assertion (at time t2), which the user transmits
> to the SP via the browser.
> At some later time t3, the user presents another AuthnRequest to the
> IdP.  Since the user already has a security context, the IdP does not
> challenge the user to authenticate, but rather issues an assertion (at
> time t4), which again the user transmits to the SP.
> Question: What is the value of AuthnInstant in the second assertion?
> Thanks,
> Tom
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: saml-dev-unsubscribe@lists.oasis-open.org
> For additional commands, e-mail: saml-dev-help@lists.oasis-open.org

Eve Maler                                         +1 425 947 4522
Principal Engineer                            eve.maler @ sun.com
Business Alliances group                    Sun Microsystems, Inc.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]