
shibboleth-dev - RE: TargetedID Durability

Subject: Shibboleth Developers

  • From: "David L. Wasley" <>
  • To:
  • Subject: RE: TargetedID Durability
  • Date: Mon, 1 Aug 2005 12:15:19 -0700

Well, not quite. First of all, correlation of sequential activities can't be done with transaction IDs (unless you have access to the IdP logs). What I'm concerned about WRT keeping histories of ePTIDs is an SP coming back after I "wipe the slate clean" and asking the IdP for the current ePTID associated with a former ePTID. In other words, making moot my feeble attempt at dissociation.

David

-----
At 2:43 PM -0400 on 8/1/05, Scott Cantor wrote:

> Spencer, I think there is a better way to do this. First of all,
> you won't (I believe) get an ePTID since there is no need to identify
> a person beyond "member of the community". However, you will get a
> transaction ID (I assume - right?) and that can be sent back to the
> IdP for correlation with the IdP's logs.

First of all, he can certainly ask for ePTID, it was conceived for use by
applications like J-STOR. But that's beside the point, which is that your
concerns about IdPs keeping histories of them don't seem to be an issue
since there's complete transaction tracing possible without it.

You don't know anything more at the IdP by subbing in a persistent value
than you know today.

-- Scott
