Shibboleth Developers

["Michael A. Grady" <>]

Ah, I see.

I guess I was thinking along the lines that the HS itself
also functions as an ISO app, and as such needs to make a decision
as to whether or not the end user needs to re-authenticate to be
considered 'appropriately authenticated' with the HS in the first place.
Making that decision would seem to require having both idle time and
session time.

> From: "Scott Cantor" 
> <>
> To: 
> <>
> Subject: RE: HS/ISO interface
> Date: Tue, 20 Nov 2001 11:25:49 -0500
> X-MSMail-Priority: Normal
> Importance: Normal
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
> X-OriginalArrivalTime: 20 Nov 2001 16:25:49.0542 (UTC) 
FILETIME=[03EAD860:01C171E0]
> X-Listprocessor-Version: 8.2.09/990901/11:28 -- ListProc(tm) by CREN
> 
> > Actually, we've always had two time values -- idle time, and 
> > session time. Most apps use idle time to determine when to 
> > require re-authentication, not the elapsed session time. I'm 
> > not actaully sure what our Apache module for Bluestem stuffs 
> > them into (as far as variable names), as I've 
> > always used our subroutine API to get the information.
> 
> I enforce both, but the context here is for communicating the time left
> on somebody's login "token" to the HS if it wants to bound the lifetime
> of the handle/attributes in some algorithmic way. Idle time/timeouts
> don't really apply to that situation.
> 
> -- Scott
> 
> 

--
Michael A. Grady                             

Senior Research Programmer                   http://ljordal.cso.uiuc.edu 
Computing & Communications Services Office   (217) 244-1253  phone
University of Illinois at Urbana-Champaign   (217) 265-5635  fax
Rm. 103, MC 680, 2212 Fox Drive, Suite C     Champaign, IL 61820

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

    http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--