OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [security-services] SSO validity period




RL 'Bob' Morgan wrote on 4/6/2004, 11:21 AM:

 >
 > I'm not sure which "this window" you're referring to, but I think that
 > even if stolen bearer token issues go away in the scenario you
 > describe, there is still a need for a generic validity period
 > (as described in my other note, the "throw-away-after" date) in
 > this case.

That was the time period that I was referring to in "this window".  I
agree that we need to support such a window, but I do not think it
should be mandatory to have it specified.

Conor





[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]