security-services message

Subject: Suggested text for OneTimeUse "replay detection"


Conor suggested we should add some guidance language around how to enforce
the OneTimeUse condition with replay detection. I suggest something like:

"In accordance with the single use constraint, a relying party SHOULD
maintain a cache of assertions it has accepted containing such a condition,
remembering that it has accepted a particular assertion for at least the
lifetime of that assertion (or a reasonable time frame, if an assertion's
lifetime does not have an upper bound)."

After I wrote that, it seemed like in fact we might want to just enforce
that any assertion containing this condition probably has to have a
NotOnOrAfter anyway, based on the motivation for using it. Should I just say
that?

-- Scott
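As an added illustration of the cache Scott proposes (example code, not part of the original message or of any SAML implementation): a relying-party replay cache that remembers accepted OneTimeUse assertion IDs until their NotOnOrAfter, falls back to a fixed retention window when an assertion carries no upper bound, and purges entries it no longer needs. The `Assertion` type, the `_a1`/`_b1`/`_c1` IDs, the timestamps, and the one-hour fallback window are all constructed here for the demonstration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Assumed fallback: how long to remember an accepted assertion that has no
# NotOnOrAfter (the "reasonable time frame" in the proposed text).
DEFAULT_RETENTION = timedelta(hours=1)


@dataclass(frozen=True)
class Assertion:
    """Minimal stand-in for the parts of a SAML assertion relevant here (constructed)."""
    id: str
    one_time_use: bool
    not_on_or_after: Optional[datetime]  # None models an assertion with no upper bound


class ReplayCache:
    """Tracks accepted OneTimeUse assertions so a second presentation is refused."""

    def __init__(self, retention: timedelta = DEFAULT_RETENTION) -> None:
        self._seen: Dict[str, datetime] = {}  # assertion ID -> time the entry may be dropped
        self._retention = retention

    def _purge(self, now: datetime) -> None:
        # Entries past their validity are useless: the assertion itself would be
        # rejected as expired, so forgetting it cannot enable a replay.
        for aid in [a for a, exp in self._seen.items() if exp <= now]:
            del self._seen[aid]

    def accept(self, assertion: Assertion, now: Optional[datetime] = None) -> bool:
        """Return True if the assertion may be accepted now, False if expired or replayed."""
        now = now or datetime.now(timezone.utc)
        self._purge(now)
        # Ordinary validity check comes first: an expired assertion is never accepted.
        if assertion.not_on_or_after is not None and now >= assertion.not_on_or_after:
            return False
        if not assertion.one_time_use:
            return True  # no single-use constraint, nothing to remember
        if assertion.id in self._seen:
            return False  # replay: this ID was already accepted within its lifetime
        # Remember it for at least the assertion lifetime, or the fallback window.
        expiry = assertion.not_on_or_after
        if expiry is None:
            expiry = now + self._retention
        self._seen[assertion.id] = expiry
        return True


def run_demo() -> List[bool]:
    """Exercise the cache with constructed assertions; returns the accept/reject sequence."""
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed timestamp
    cache = ReplayCache()
    a = Assertion("_a1", one_time_use=True, not_on_or_after=t0 + timedelta(minutes=5))
    b = Assertion("_b1", one_time_use=False, not_on_or_after=t0 + timedelta(minutes=5))
    c = Assertion("_c1", one_time_use=True, not_on_or_after=None)  # no upper bound
    return [
        cache.accept(a, t0),                            # first use: accepted
        cache.accept(a, t0 + timedelta(minutes=1)),     # replay within lifetime: refused
        cache.accept(b, t0),                            # not OneTimeUse: accepted
        cache.accept(b, t0 + timedelta(minutes=1)),     # still accepted, no constraint
        cache.accept(c, t0),                            # unbounded assertion: accepted
        cache.accept(c, t0 + timedelta(minutes=30)),    # replay inside fallback window: refused
        cache.accept(a, t0 + timedelta(minutes=6)),     # past NotOnOrAfter: refused as expired
        cache.accept(c, t0 + timedelta(hours=2)),       # fallback window elapsed: accepted again
    ]


if __name__ == "__main__":
    print(run_demo())
```

The last result is the point of Scott's second paragraph: without a NotOnOrAfter, the relying party's protection against replay is only as good as its own retention policy, whereas a bounded lifetime lets the cache guarantee the single-use property for the assertion's whole validity period.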
