Shibboleth Developers

["Scott Cantor" <>]

I don't think this issue is complex enough to need any kind of
"proposal", but I had one question. REMOTE_USER is obviously the place
to specify the username be placed by the ISO layer for the HS to pick
up, but is there any commonality in passing session lifetime?

I use AUTH_LIFETIME (chosen to match AUTH_TYPE and some other AUTH_*
headers that are somewhat standard), but I just picked it. What does
pubcookie use? This should probably just be a "high vote wins" thing, I
guess.

I presume specifying it be in seconds wouldn't be too controversial,
though.

We don't need to specify what, if anything, the HS should do with the
lifetime information. I don't know myself what would make sense. Does
Kerberos issue service tickets that extend beyond the life of the TGT
that asks for them?

-- Scott

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

    http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--