RE: [security-services] Potential Errata: Session Index on logout

[Thomas Wisniewski <Thomas.Wisniewski@entrust.com>]

Title: Message

Conor, I think this is already defined in Profiles 1206-1209 where it states that at least one element MUST be included. Element refers to SessionIndex and the context is for an SP initiated logout.

 

The paragraph above also discusses that SessionIndex is the value that came from the IDP assertion.

 

Tom.

-----Original Message-----
From: Conor P. Cahill [mailto:concahill@aol.com]
Sent: Friday, November 04, 2005 8:23 AM
To: SAML
Subject: [security-services] Potential Errata: Session Index on logout

The language surrounding session index on the <LogoutRequest> (line 2546) is a bit lacking.  I suggest we replace that line with something along the lines of:

• The index of the session between the pricipal identified by the subject and the authenticating authority.   This must correlate to the <SessionIndex> that was present in the <AuthnStatement> of the assertion used in the session that is being terminated by this <LogoutRequest>, if any.  
  

I also think we should require that this be specified by the SP when sending an SP-Initiated LogoutRequest if the assertion had a SessionIndex in it.  I was unable to find such a statement in the specs.

Conor
--------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. You may a link to this group and all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php