[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Dynamic Sessions Proposal (long)
> I look forward to discussing this at the meeting, but comments are also welcome in response to this email.
How does this solve the use case where sub-sessions are needed if session is tied to a single AssertionID ? Did I miss something ?
> When the Principal invokes the single logout process at a service
> provider, the service provider MUST send a <LogoutRequest> message to
> the session authority that provided the authentication service related
> to that session at the service provider.
What happend if a SP send the request to the AS and the SA never responds or there is a timing issue in processing requests ? How does the Principal know the outcome ? Not sure that I would trust a SP to terminate sessions held by a SA.
> Recipients MUST validate any signature present on the messages
> specified in this protocol. To be considered valid, the signature
> provided must be the signature of the <Issuer> contained in the
All Messages ?
Anthony Nadalin | work 512.436.9568 | cell 512.289.4122