OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Outstanding assertions and NameID changes

When a SP changes a SPProvidedNameID with the IdP, an interesting piece of information that could be quite useful for the IdP to return to the SP would be an indication of the whether or not there are any outstanding assertions and if so, what the anticipated expiration time of the longest lasting assertion.
This information would be useful to the SP so that the SP would know the likely time needed to "remember" its old SPProvidedNameID.
I would see the IdP being able to say:
Note that I don't think this issue aplies to the IdP provided NameIds as the IDP should know when any of its issued assertions using that nameID would expire and in general, those assertions aren't typically generated for consumption at the IdP.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]