Shibboleth Developers

["David L. Wasley" <>]

Well, not quite.  First of all, correlation of sequential activities 
can't be done with transaction IDs (unless you have access to the IdP 
logs).  What I'm concerned about WRT keeping histories of ePTIDs is 
an SP coming back after I "wipe the slate clean" and asking the IdP 
for the current ePTID associated with a former ePTID.  In other 
words, making moot my feeble attempt at dissociation.

        David

-----
At 2:43 PM -0400 on 8/1/05, Scott Cantor wrote:

>  > Spencer,  I think there is a better way to do this.  First of all,
> >  you won't (I believe) get an ePTID since there is no need to identify
> >  a person beyond "member of the community".  However, you will get a
> >  transaction ID (I assume - right?) and that can be sent back to the
> >  IdP for correlation with the IdP's logs.
>
> First of all, he can certainly ask for ePTID, it was conceived for use by
> applications like J-STOR. But that's beside the point, which is that your
> concerns about IdPs keeping histories of them don't seem to be an issue
> since there's complete transaction tracing possible without it.
>
> You don't know anything more at the IdP by subbing in a persistent value
> than you know today.
>
> -- Scott