shibboleth-dev - RE: NameIdentifier TTL
Subject: Shibboleth Developers
List archive
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: NameIdentifier TTL
- Date: Sun, 11 Dec 2005 15:10:10 -0500
- Organization: The Ohio State University
> But no matter what you do, SAML supplies no syntax for talking about the
TTL
> of a NameID.
Actually, I have to soften that...in 2.0, you can encrypt a signed assertion
into an EncryptedID, and the semantics of that are such that if the signed
assertion is limited in some way (like expiration), then the relying party
can use that to reject the attempt to use the NameID inside it. Liberty WSF
2.0 uses this feature in their identity tokens that are used like tickets to
reference principals.
But the semantic is more "limits on the use of the identifier" and not
really "expiration of the identifier".
-- Scott
- NameIdentifier TTL, Tom Scavo, 12/09/2005
- RE: NameIdentifier TTL, Scott Cantor, 12/10/2005
- Re: NameIdentifier TTL, Tom Scavo, 12/11/2005
- RE: NameIdentifier TTL, Scott Cantor, 12/11/2005
- RE: NameIdentifier TTL, Scott Cantor, 12/11/2005
- Re: NameIdentifier TTL, Tom Scavo, 12/11/2005
- RE: NameIdentifier TTL, Scott Cantor, 12/11/2005
- Re: NameIdentifier TTL, Tom Scavo, 12/12/2005
- RE: NameIdentifier TTL, Scott Cantor, 12/12/2005
- Re: NameIdentifier TTL, Tom Scavo, 12/12/2005
- RE: NameIdentifier TTL, Scott Cantor, 12/12/2005
- Re: NameIdentifier TTL, Tom Scavo, 12/12/2005
- RE: NameIdentifier TTL, Scott Cantor, 12/11/2005
- RE: NameIdentifier TTL, Scott Cantor, 12/11/2005
- Re: NameIdentifier TTL, Tom Scavo, 12/11/2005
- RE: NameIdentifier TTL, Scott Cantor, 12/10/2005
Archive powered by MHonArc 2.6.16.