[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] the value of AuthnInstant
Thanks, Eve. I wasn't sure. Thinking out loud, I wonder how many implementations get this right? Tom On Feb 7, 2008 7:48 PM, Eve Maler <Eve.Maler@sun.com> wrote: > It's t1, isn't it? One assertion, issued at time t2, and another, > issued at time t4, will both indicate that the user authenticated at > time t1 -- assuming that authn session is still good, of course (e.g., > re-authn isn't being forced). > > Eve > > > On Feb 7, 2008, at 4:04 PM, Tom Scavo wrote: > > > Suppose a user presents an AuthnRequest to an IdP at time t0. Since > > the user has no security context initially, the IdP challenges the > > user to authenticate, which the user does successfully (at time t1). > > So the IdP issues an assertion (at time t2), which the user transmits > > to the SP via the browser. > > > > At some later time t3, the user presents another AuthnRequest to the > > IdP. Since the user already has a security context, the IdP does not > > challenge the user to authenticate, but rather issues an assertion (at > > time t4), which again the user transmits to the SP. > > > > Question: What is the value of AuthnInstant in the second assertion? > > > > Thanks, > > Tom > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: saml-dev-unsubscribe@lists.oasis-open.org > > For additional commands, e-mail: saml-dev-help@lists.oasis-open.org > > > > Eve Maler +1 425 947 4522 > Principal Engineer eve.maler @ sun.com > Business Alliances group Sun Microsystems, Inc. > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]