shibboleth-dev - RE: attribute push
Subject: Shibboleth Developers
List archive
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: attribute push
- Date: Mon, 11 Sep 2006 11:11:16 -0400
- Organization: The Ohio State University
> > We didn't discuss the layout of the message but we are moving towards a
> > primarily attribute push model. My guess, for SAML 2 at least, would be
> > one assertion, two statements.
>
> What would the lifetime of the assertion be in that case?
Probably the same as ReauthenticateOnOrAfter would be in most cases, but the
IdP determines it. At some point, we might do some Liberty thing that would
dictate using a longer lifetime, perhaps, but it really isn't all that
relevant to the SSO use case.
As Chad noted, I'm yanking all code related to refreshing attributes within
a session, so the lifetime essentially doesn't matter for the purposes of
the validity of the data. There is in fact no rule that says that's what
validity means, as RLBob has noted many times. As in certificates, it's the
validity of the assertion, not the validity of the data inside it.
-- Scott
- attribute push, Tom Scavo, 09/11/2006
- Re: attribute push, Chad la Joie, 09/11/2006
- Re: attribute push, Tom Scavo, 09/11/2006
- Re: attribute push, Chad la Joie, 09/11/2006
- RE: attribute push, Scott Cantor, 09/11/2006
- Re: attribute push, Tom Scavo, 09/11/2006
- Re: attribute push, Chad la Joie, 09/11/2006
- RE: attribute push, Scott Cantor, 09/11/2006
- Re: attribute push, Tom Scavo, 09/11/2006
- RE: attribute push, Scott Cantor, 09/11/2006
- Re: attribute push, Tom Scavo, 09/11/2006
- RE: attribute push, Scott Cantor, 09/11/2006
- Re: attribute push, Tom Scavo, 09/11/2006
- RE: attribute push, Scott Cantor, 09/11/2006
- Re: attribute push, Tom Scavo, 09/11/2006
- RE: attribute push, Scott Cantor, 09/11/2006
- Re: attribute push, Tom Scavo, 09/11/2006
- Re: attribute push, Chad la Joie, 09/11/2006
Archive powered by MHonArc 2.6.16.