OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [security-services] Potential Errata: Session Index on logou t


Title: Message
Conor, yes.
 
Profiles could be clarified to state that if there is a session index passed in from the IDP then the SP MUST send it. Otherwise it won't. I guess I just assumed this was implied.
 
As for whether this should be in Core, it seems reasonable -- I'll defer to group.
 
Tom.
-----Original Message-----
From: Conor P. Cahill [mailto:concahill@aol.com]
Sent: Friday, November 04, 2005 9:40 AM
To: Thomas Wisniewski
Cc: SAML
Subject: RE: [security-services] Potential Errata: Session Index on logou t



Thomas Wisniewski wrote on 11/4/2005, 9:29 AM:

Conor, I think this is already defined in Profiles 1206-1209 where it states that at least one element MUST be included. Element refers to SessionIndex and the context is for an SP initiated logout.
I still think this information belongs in the core spec in the description of <LogoutRequest> <SessionIndex> element as the concept isn't a profile specific issue. 

I am also concerned about the fact that the profile says there MUST be at least one element since the IdP may, for whatever reason, choose to not support the concept of multiple simultaneous sessions (it's not that uncommon) in which case it wouldn't provide a SessionIndex and therefore the logout would not need one.

Conor



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]