Subject: Re: [security-services] Groups - sstc-saml-holder-of-key-browser-sso-draft-03.odt (sstc-saml-holder-of-key-browser-sso-draft-03.odt) uploaded

On Tue, Jun 17, 2008 at 11:17 AM, Scott Cantor <cantor.2@osu.edu> wrote:
>
> Sec 4, line 489: I think this is confusing in context because in fact as the profile is written, you're NOT issuing reusable assertions and they should still have short confirmation windows. In SSO now, the assertion *validity period* is independent of that anyway, even with bearer.

Can you explain this further? What is it about these assertions that makes them not reusable?

> You *could* make the confirmation window longer, but why bother?

Because it potentially decreases the number of times the user has to authenticate at the IdP, which has advantages in terms of both usability and security.

> The assertion is still targeted via audience at the SP, and it's an SP-driven profile, so I don't think this is really the right vehicle to be pushing reusable assertions.

Reusable assertions are not being "pushed" in this profile. Rather, reusable assertions are a by-product of this profile. If not, can you explain why not?

Tom