RE: Session Management Use case, scenario and issues

["Orchard, David" <dorchard@jamcracker.com>]

Hmm, you are probably correct.  It could be argued that it is a requirement,
as much as a requirement to pass the credential mechanism in the assertion
is.  Does seem pretty designish though.  How about I remove it from the
draft (I did add it after all), and if somebody really wants it in, they can
motion to put it back.

Dave


> -----Original Message-----
> From: Edwards, Nigel [mailto:Nigel_Edwards@hp.com]
> Sent: Friday, February 16, 2001 1:58 AM
> To: 'Orchard, David'; 'security-use@lists.oasis-open.org'
> Subject: RE: Session Management Use case, scenario and issues
> 
> 
> Thanks Dave, for providing us with a much needed session use case.
> 
> I have one comment.
> 
> > Issue: [UC-3-5:Timeout differences] Assuming source and destination
> > timeouts are supported, what is the algorithm for determining the
> > current timeout.  Example A.  Time out on source is 15 minutes.
> > Timeout on destination is 10 minutes.  User has accessed source and
> > destination 12 minutes ago.  Should timeout of destination 
> occur (>10
> > minutes) or not (<15 minutes for source).  Example B.  Timeout on
> > source is 10 minutes, timeout on destination is 15 minutes, 
> user last
> > accessed both 12 minutes.  Same question.  Editor 
> recommends: timeout
> > master is the source web site, and destination web sites can shorten
> > for their sites.  In case A, user times out of destination but not
> > source.  In case B, user should have been deleted from destination
> > site because the source will have sent a delete session message.
> > 
> 
> I request that we be given the option to vote that specifying the
> algorithm is out of scope for the requirements and use case group.
> 
> 
> Regards,
> Nigel.
> 
> ------------------------------------------------------------------
> To unsubscribe from this elist send a message with the single word
> "unsubscribe" in the body to: 
> security-use-request@lists.oasis-open.org
>