Subject: Re: [security-services] Dynamic Sessions Proposal (long)
ext Anthony Nadalin wrote:
> > I look forward to discussing this at the meeting, but comments are
> > also welcome in response to this email.
>
> How does this solve the use case where sub-sessions are needed if
> session is tied to a single AssertionID? Did I miss something?

The session authority for the "sub-session" accounts and maintains state for whatever is tied to the session ID. Sessions are all in the eye of the beholder. It doesn't matter whether you use the assertion or some other protocol element to indicate the session in the protocol. The session authority can still be hierarchically linked to a "higher authority".

> > When the Principal invokes the single logout process at a service
> > provider, the service provider MUST send a <LogoutRequest> message to
> > the session authority that provided the authentication service related
> > to that session at the service provider.
>
> What happened if a SP sends the request to the AS and the SA never
> responds or there is a timing issue in processing requests? How does
> the Principal know the outcome? Not sure that I would trust a SP to
> terminate sessions held by a SA.
>

If the SP sends the message and there is no response from the SA, the SP is still free to log the Principal out at their site, and can inform the Principal that they were unable to communicate their logout to other participants in the session.

> > Recipients MUST validate any signature present on the messages
> > specified in this protocol. To be considered valid, the signature
> > provided must be the signature of the <Issuer> contained in the
> > message.
>
> All Messages?

I'm not sure I understand your reference. If there's a signature on the Request/Response message, you MUST validate it. The signature provided must be that of the Issuer identified in the message itself.

- JohnK
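
The signature rule discussed in this message, as an added example that is not part of the original email or the proposal: a recipient selects the verification key by the Issuer named in the message, so a signature made with some other trusted party's key is rejected. The message layout, the `SessionID` element, the issuer URLs, the keys and the use of HMAC-SHA256 in place of XML-DSig are all assumptions made so the sketch runs with the standard library.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed trust store: issuer name -> verification key (assumption).
# HMAC-SHA256 stands in for XML-DSig so the example needs only the stdlib.
TRUSTED_KEYS = {
    "https://sa.example.org": b"constructed-sa-key",
    "https://sp.example.com": b"constructed-sp-key",
}

def _signed_bytes(issuer, session_id):
    return f"{issuer}\n{session_id}".encode()

def build_message(issuer, session_id, key=None):
    """Build a simplified, constructed LogoutRequest; sign it if a key is given."""
    sig = ""
    if key is not None:
        mac = hmac.new(key, _signed_bytes(issuer, session_id), hashlib.sha256)
        sig = f"<Signature>{mac.hexdigest()}</Signature>"
    return (f"<LogoutRequest><Issuer>{issuer}</Issuer>"
            f"<SessionID>{session_id}</SessionID>{sig}</LogoutRequest>")

def validate_signature(xml_text):
    """Return "unsigned" or "valid"; raise ValueError for any other outcome."""
    # A real service would use a hardened XML parser and an XML-DSig library.
    msg = ET.fromstring(xml_text)
    issuer = msg.findtext("Issuer")
    if not issuer:
        raise ValueError("message has no Issuer")
    signature = msg.findtext("Signature")
    if signature is None:
        return "unsigned"  # the rule applies only when a signature is present
    # Select the key by the Issuer named in the message, never "any trusted key".
    key = TRUSTED_KEYS.get(issuer)
    if key is None:
        raise ValueError("no key on file for issuer " + issuer)
    session_id = msg.findtext("SessionID") or ""
    expected = hmac.new(key, _signed_bytes(issuer, session_id), hashlib.sha256)
    if not hmac.compare_digest(expected.hexdigest(), signature.strip()):
        raise ValueError("signature is not that of the Issuer")
    return "valid"

if __name__ == "__main__":
    sa, sp = "https://sa.example.org", "https://sp.example.com"
    print(validate_signature(build_message(sa, "s-123", TRUSTED_KEYS[sa])))
    try:  # Issuer says SA, but the signing key belongs to the SP
        validate_signature(build_message(sa, "s-123", TRUSTED_KEYS[sp]))
    except ValueError as err:
        print("rejected:", err)
```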