
security-services message



Subject: AI 270: IdP discovery profile errata


Description:

There is confusion over how the contents of an IdP Discovery cookie are
meant to be interpreted because of the allowance for specifying either
persistent or session lifetime.

Proposal:

Profiles, section 4.3

Insert paragraph after line 1105:

Note that while a session-only cookie can be used, the intent of this
profile is not to provide a means of determining whether a user actually has
an active session with one or more of the identity providers stored in the
cookie. The cookie merely identifies identity providers known to have been
used in the past. Service providers MAY instead rely on the IsPassive
attribute in their samlp:AuthnRequest message to probe for active sessions.

-- Scott
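
The distinction drawn in the proposed paragraph, as an added example that is not part of the original message or of the SAML specification text: the cookie is decoded only as a history of identity providers, and session state is probed separately with an `IsPassive` request. It assumes the cookie format defined in Profiles section 4.3 (`_saml_idp`, URL-encoded, space-separated base64 entityIDs, most recent last); the entityIDs, URLs and function names are hypothetical.

```python
import base64
import urllib.parse
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

# Constructed sample data: hypothetical entityIDs, oldest first, most recent last.
SAMPLE_IDPS = ["https://idp-a.example.org/idp", "https://idp-b.example.org/idp"]
SAMPLE_COOKIE = urllib.parse.quote(
    " ".join(base64.b64encode(e.encode()).decode() for e in SAMPLE_IDPS))

def parse_idp_cookie(raw_value):
    """Decode a _saml_idp value into entityIDs (history only, not session state)."""
    idps = []
    for token in urllib.parse.unquote(raw_value).split(" "):
        try:
            if token:
                idps.append(base64.b64decode(token, validate=True).decode("utf-8"))
        except ValueError:  # bad base64 or bad UTF-8: the cookie is client-supplied
            continue
    return idps

def choose_probe_target(raw_value, trusted_idps):
    """Most recently used IdP that also appears in the SP's trusted metadata."""
    for entity_id in reversed(parse_idp_cookie(raw_value)):
        if entity_id in trusted_idps:
            return entity_id
    return None

def build_passive_request(sp_entity_id, idp_sso_url):
    """AuthnRequest with IsPassive="true": the IdP must not interact with the user."""
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": idp_sso_url,
        "IsPassive": "true",
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = sp_entity_id
    return ET.tostring(req, encoding="unicode")
```

An identity provider that has no active session for the user answers such a request with the second-level status code `urn:oasis:names:tc:SAML:2.0:status:NoPassive` rather than prompting for credentials.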


