Skip to Content.
Sympa Menu

mace-opensaml-users - Re: Caching Assertions with the OneTimeUse Condition

Subject: OpenSAML user discussion

List archive

Re: Caching Assertions with the OneTimeUse Condition


Chronological Thread 
  • From: "Tom Scavo" <>
  • To:
  • Subject: Re: Caching Assertions with the OneTimeUse Condition
  • Date: Fri, 29 Jun 2007 09:43:42 -0400
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=cLSdcSl6puGISAtn/Ywa40Cy0MmOtAGzNMvdq+OoZNPzVU0qnrsuTSSi2xoHIiRnVYZVSrpepYXgWsZ5aEynyLz+2KZOPoc0YC+kVSuJ9gvc3ajr8Qyogn78k7BrHEf+F10ziGu9qh0Cr2HvNBK3/aLvQVEJD7lEXveC9Fm2h3g=

[this thread probably belongs in
]

On 6/29/07, Arnout Engelen
<>
wrote:
Hi,

saml-core defines, on page 24:

To support the single use constraint, a relying party should maintain a
cache of the assertions it has processed containing such a condition.
Whenever an assertion with this condition is processed, the cache should
be checked to ensure that the same assertion has not been previously
received and processed by the relying party.

How can the relying party tell, in general, whether the incoming
assertion is a duplicate of a previously received and processed
assertion, rather than a fresh one that happens to contain the same
information?

Every assertion has a unique ID, so perhaps you could use that.

Hope this helps,
Tom



Archive powered by MHonArc 2.6.16.

Top of Page