Subject: Comment from: firstname.lastname@example.org
Comment from: email@example.com Although a Single Logout protocol is introduced in the forthcoming SAML 2.0 specification, the problem of local session timeouts is not addressed. Local session timeouts raise two important questions: 1.) What happens if the Identity Provider's local session times out? 2.) What happens if one of the Service Provider's local sessions time out? To my mind, the introduction of a Single Session Keep-Alive Protocol could help answer these questions. Will the problem of local session timeouts be addressed in one of the forthcoming revisions of the SAML specification?