OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [security-services] Proposed DoNotCache Condition

>But the SSO Assertion can contain attribute statements. Since
>decisions may be based on those attributes, it would be nice to know
>they are expected to change soon. However, this is not the use case I
>really interested in. (see below)

Ok, but if you think about it, putting other statements in the SSO
assertion has some serious problems. The assertion has to be short
lived, so it doesn't seem very practical.

OTOH, one could embed an additional assertion with different validity in
the samlp:Response, and that seems to have the semantics one would want.
The SSO assertion is rendered invalid quickly, but the additional data
can last however long is proper.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC