Shibboleth Developers

[Jim Fox <>]

> > Our different understanding is not whether an ePTID can ever change.
> > The causes you mention are valid reasons to change an ePTID.
> > However, absent some special agreement or action between the SP
> > and IdP, I think an ePTID for a user to a particular SP has to be
> > invariant, forever.
>
> The relevant property is non-reassignment. Under various circumstances the
> value may change, and of course it's useful to have mechanisms to inform the
> SP of that, as SAML 2 does. But a given value is never recycled.

A casual reader of this might come to the conclusion that he, as
as IdP, CAN, at any time. change the ePTID sent to an SP for a user and
maybe he SHOULD inform the SP, but he doesn't HAVE TO.  And that
the notice of this change, if there is one, can come subsequent to the
change itself.  Is that correct?

Jim