OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] SessionIndex and Privacy Text

Conor wrote:

> Hmm... Thinking about this, we could just move to using the 
> assertion ID since storing that value at the SP is little 
> different than storing the session index and for the IDP, 
> they probably keep track of the assertion IDs that they have 
> issued at least for the lifetime of the assertion.
> If we did use the Assertion ID, we could simply get rid of 
> the session index.

I advocated this approach at least as far back as the second F2F meeting,
mostly because nobody could supply text for SessionIndex that captured the
options we wanted to communicate. What you suggested is probably as good as
anything I've seen so far.

My recollection is that people didn't want to use AssertionID because it
required some additional tracking of some sort, but I don't recall exactly
what. The f2f notes might have a record of the discussion.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]