Subject: Fw: First contact
Tim,

I understand.

This is indeed a brain-dead solution. Does not scale. Does not plug-and-play.

Only in Shibboleth and similar scenarios will that work satisfactorily, although I don't see why they should settle on systems requiring centralized directories. Not even their WAYF needs or benefits from being centralized if properly designed.

The scenario we are planning requires users belonging to millions of autonomous organizations to auth* to each other. URL breakage is a major concern.

Another feature of our system: If the signed auth* req coming from the content site times out (it has a validity stamp) because the user is slow to authenticate to the source site, the system automatically refreshes the auth-request without the user's involvement. Otherwise the user would get a time-out error when redirecting. Not everybody thinks that 2-hour time-outs are satisfactory. With our approach you don't have to change the time-out from a regular 20 min or less.

Anders
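
Added example, not part of the original message and not code from the system it describes: a sketch of the refresh behaviour the message outlines, where a signed auth request with a validity stamp goes stale while the user is logging in and is reissued without a time-out error. The HMAC shared key stands in for whatever signature scheme the real system uses, and all names (`issue_request`, `verify_request`, `complete_login`, the `reissue` callback) and the URL are assumptions.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: shared key replaces the real signature scheme
VALIDITY = 20 * 60             # 20-minute validity window, as mentioned in the message


class Expired(Exception):
    """Signature was valid, but the validity stamp has passed."""


def issue_request(return_url, now):
    """Content site: build and sign an auth request carrying a validity stamp."""
    body = json.dumps({"return_url": return_url, "not_after": now + VALIDITY},
                      sort_keys=True)
    sig = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def verify_request(req, now):
    """Source site: check the signature first, then the validity stamp."""
    expected = hmac.new(KEY, req["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, req["sig"]):
        raise ValueError("bad signature")
    fields = json.loads(req["body"])
    if now > fields["not_after"]:
        raise Expired(fields["return_url"])
    return fields


def complete_login(req, now, reissue):
    """Source site, once the user has finished authenticating.

    A stale but authentic request is replaced by a fresh one obtained from
    the content site (the `reissue` callback) instead of surfacing an error.
    """
    refreshed = False
    try:
        fields = verify_request(req, now)
    except Expired as stale:
        # Only the expired-but-authentic case is refreshed; a bad signature
        # raises ValueError above and is never retried.
        req = reissue(stale.args[0], now)
        fields = verify_request(req, now)
        refreshed = True
    return fields["return_url"], refreshed
```

Because the signature is checked before the validity stamp, a tampered request cannot trigger a refresh, so the short validity window keeps its value even though expiry is no longer visible to the user.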