OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] Dynamic Sessions Proposal (long)

> I look forward to discussing this at the meeting, but comments are also welcome in response to this email.

How does this solve the use case where sub-sessions are needed if session is tied to a single AssertionID ? Did I miss something ?

> When the Principal invokes the single logout process at a service
> provider, the service provider MUST send a <LogoutRequest> message to
> the session authority that provided the authentication service related
> to that session at the service provider.

What happend if a SP send the request to the AS and the SA never responds or there is a timing issue in processing requests ? How does the Principal know the outcome ? Not sure that I would trust a SP to terminate sessions held by a SA.

> Recipients MUST validate any signature present on the messages
> specified in this protocol. To be considered valid, the signature
> provided must be the signature of the <Issuer> contained in the
> message.

All Messages ?

Anthony Nadalin | work 512.436.9568 | cell 512.289.4122

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]