mace-opensaml-users - Re: [OpenSAML] Difference NotOnOrAfter in <SubjectConfirmationData> and <Conditions>
Subject: OpenSAML user discussion
List archive
Re: [OpenSAML] Difference NotOnOrAfter in <SubjectConfirmationData> and <Conditions>
Chronological Thread
- From: "Cantor, Scott E." <>
- To: "" <>
- Subject: Re: [OpenSAML] Difference NotOnOrAfter in <SubjectConfirmationData> and <Conditions>
- Date: Mon, 2 May 2011 16:36:33 +0000
- Accept-language: en-US
On 5/2/11 12:33 PM, "Gina Choi"
<>
wrote:
>The following is part of assertion token. NotOnOrAfter is in both
><SubjectConfirmation> and <Conditions> tags. The NotOnOrAfter timestamp in
>the SubjectConfirmation tag is around two hours ahead and the one in the
>Conditions tag is 5 min ahead then current time.
That's backwards from accepted norms for bearer assertions, but a
condition is going to be an upper bound on subject confirmation anyway.
>I looked at document for
>Assertion protocols and it seems that NotOnOrAfter in the
>SubjectConfirmation
>is to restrict Subject data while the one in the Conditions tag is to
>restrict the Assertion token, but I wonder why do we need NotOnOrAfter in
>both places? Isn't one in the either place enough?
No, since they serve completely different functions.
-- Scott
- [OpenSAML] Difference NotOnOrAfter in <SubjectConfirmationData> and <Conditions>, Gina Choi, 05/02/2011
- Re: [OpenSAML] Difference NotOnOrAfter in <SubjectConfirmationData> and <Conditions>, Cantor, Scott E., 05/02/2011
- RE: [OpenSAML] Difference NotOnOrAfter in <SubjectConfirmationData> and <Conditions>, Gina Choi, 05/02/2011
- Re: [OpenSAML] Difference NotOnOrAfter in <SubjectConfirmationData> and <Conditions>, Cantor, Scott E., 05/02/2011
- RE: [OpenSAML] Difference NotOnOrAfter in <SubjectConfirmationData> and <Conditions>, Gina Choi, 05/02/2011
- Re: [OpenSAML] Difference NotOnOrAfter in <SubjectConfirmationData> and <Conditions>, Cantor, Scott E., 05/02/2011
- RE: [OpenSAML] Difference NotOnOrAfter in <SubjectConfirmationData> and <Conditions>, Gina Choi, 05/02/2011
- Re: [OpenSAML] Difference NotOnOrAfter in <SubjectConfirmationData> and <Conditions>, Cantor, Scott E., 05/02/2011
- RE: [OpenSAML] Difference NotOnOrAfter in <SubjectConfirmationData> and <Conditions>, Gina Choi, 05/02/2011
- Re: [OpenSAML] Difference NotOnOrAfter in <SubjectConfirmationData> and <Conditions>, Cantor, Scott E., 05/02/2011
- RE: [OpenSAML] Difference NotOnOrAfter in <SubjectConfirmationData> and <Conditions>, Gina Choi, 05/02/2011
- Re: [OpenSAML] Difference NotOnOrAfter in <SubjectConfirmationData> and <Conditions>, Cantor, Scott E., 05/02/2011
- RE: [OpenSAML] Difference NotOnOrAfter in <SubjectConfirmationData> and <Conditions>, Gina Choi, 05/02/2011
- Re: [OpenSAML] Difference NotOnOrAfter in <SubjectConfirmationData> and <Conditions>, Cantor, Scott E., 05/02/2011
Archive powered by MHonArc 2.6.16.