Subject: RE: [security-services] SLO processing rules
Because we're under a deadline for the ballot, I have integrated the changes proposed by Greg (which I believe achieve the goals expressed by various reviewers recently...Conor, Thomas, etc.) into draft-3b of core and profiles. The changes mostly impact core but aren't large or invasive.

In profiles, I simply reordered the sections that discuss front and back channel use in step 1 of the profile (SP send LogoutRequest to IdP) and added a SHOULD so that the profile favors use of front-channel when possible. It also explains why briefly.

Lines affected in profiles 3b-diff: 1156 1214-1246 (big cut and paste, not actually much changed).

In core, I added a new subcode called PartialLogout, and then replaced the error handling rules in section 3.7.3.2 with three new paragraphs that explain:

- that the top level code indicates logout with respect to the session authority only
- that the authority SHOULD try and contact each SP even if one fails
- that if not all SPs were reached, it should return the PartialLogout subcode in its Success response

That's it. I think it's all much cleaner now. Changes start on line 2642 of core-3b-diff.

Greg/Conor/others, please review if at all possible in the morning and get any comments to the list asap.

-- Scott
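
The three processing rules listed in this message, sketched as an added example that is not part of the original post or of the draft text. The status URIs are the ones in the published SAML 2.0 core rather than values from this message; `send_logout`, the SP names and the request ID are hypothetical, and logout at the session authority itself is assumed to have succeeded.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
STATUS_PARTIAL = "urn:oasis:names:tc:SAML:2.0:status:PartialLogout"


def propagate_logout(participants, send_logout):
    """Try every SP in the session and return the SPs that were not reached.

    send_logout is a hypothetical callable(sp) -> bool that may also raise.
    A failure at one SP must not stop the attempts at the remaining SPs.
    """
    failed = []
    for sp in participants:
        try:
            ok = send_logout(sp)
        except Exception:
            ok = False
        if not ok:
            failed.append(sp)
    return failed


def build_logout_response(request_id, failed):
    """Build the LogoutResponse sent back to the SP that asked for logout.

    The top-level code reports logout at the session authority only; the
    nested PartialLogout subcode is added when any SP was not reached.
    """
    ET.register_namespace("samlp", SAMLP)
    resp = ET.Element(f"{{{SAMLP}}}LogoutResponse", {
        "ID": "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "InResponseTo": request_id,
    })
    status = ET.SubElement(resp, f"{{{SAMLP}}}Status")
    top = ET.SubElement(status, f"{{{SAMLP}}}StatusCode", {"Value": STATUS_SUCCESS})
    if failed:
        ET.SubElement(top, f"{{{SAMLP}}}StatusCode", {"Value": STATUS_PARTIAL})
    return resp


def status_values(resp):
    """Return the StatusCode values in document order: top level, then subcode."""
    return [sc.get("Value") for sc in resp.iter(f"{{{SAMLP}}}StatusCode")]
```

A requesting SP that checks only the top-level code will treat a partial logout as complete, so the receiver has to inspect the nested subcode as well.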