
security-services message



Subject: Implementation question for an SLO after an MNI Termination



Hi. I wanted to clarify what should be done in this case based on a use case from the RSA conference.

Assuming a user is logged in via SAML using a SAML persistent identifier format. Then either from the IDP or SP, they perform an MNI terminate protocol. My interpretation is that once the terminate is completed, then either party MUST NOT use the terminated persistent identifier. This basically implies that SLO is no longer possible between the two providers. I think this is the correct interpretation. Furthermore, what happens at each respective partner, related to the SAML session that was established at the outset, is up to each partner.

It may be worth including this in the Implementation Guidelines.

Thanks, Tom.


