[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Protocol extension for role change
On 11/8/16, 2:35 PM, "Rainer Hoerbe" <rainer@hoerbe.at> wrote: > The officer is primarily working on cases, not applications. The officer will use multiple applications with SSO. > When switching to a new case from a different agency all settings must change. (Except interruptions by > customer calls). I see, that wasn't clear. > BTW, this use case is actually implemented this way in our legacy SSO system. If it uses a shared cookie, I can see how. If not, I don't. SLO isn't practical now, if it ever was, so given your requirements, I don't know how to meet them practically. It's not really so much whether this is specifiable, obviously it is, it's just not implementable. I would probably argue for some other approach involving some kind of polling for the role. Perhaps the software could detect a lag in activity and when the user comes back "re-certify" the status using an API. Seems like a good OAuth use case. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]