OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] SLO processing rules

> Scott, so perhaps the text slightly misleading. I know that 
> the SA rules say SHOULD, however, the initial definition 
> (section 3.7 4th paragraph), state that the SA MUST send a 
> LogoutRequest to ALL session participants.

The MUST was a mistake that I didn't fix, it was supposed to be a SHOULD
because it was a SHOULD everywhere else in the rules before I added this.

> So currently the SHOULD implication in the SA rules really 
> applies to the first item (send LogoutRequest to proxying 
> IDPs) and the third item (terminate the session at the IDP). 
> The second item is a MUST because of the language in 3.7 4th 
> paragraph.

All of them are supposed have the same language regardless.

> In any case, I would propose to the TC to consider the SA 
> rules be changed from SHOULD to MUST -- as I think this is 
> the actual intent of the single logout in the general case.

I don't know exactly how to resolve the issue in the time allowed.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]