shibboleth-dev - RE: [Shib-Dev] sessionid, previous session, assertions - web gardens, web farms, concurrent sessionstate locking....
Subject: Shibboleth Developers
- From: Peter Williams <>
- To: "" <>
- Subject: RE: [Shib-Dev] sessionid, previous session, assertions - web gardens, web farms, concurrent sessionstate locking....
- Date: Sat, 9 May 2009 16:45:10 -0700
Ok. I have some useful understanding I didn't have before. And I can reduce
it to my level.
The SAML session id values ought to vary by assertion, within one IdP
session, for different SP sites. The reason is easy and intuitive:
privacy/anti-correlation.
I'll read the spec/errata more to see what it says about sessionid values in
followup assertions for the same SP audience. Hopefully there is only 1, so
only 1 value need be kept around in the app session to have (later) the SP
invoke SLO on the right set of SPs, per nameid.
-----Original Message-----
The IdP is in
charge of the values, and it appears to set them based on the session cookie
from the browser.
In fact, I think it may have a bug, because if it's setting the same value
across SPs, that's a privacy mistake. They're not supposed to correlate.
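
The anti-correlation property discussed in this message can be checked mechanically. The following is an added example, not part of the original thread and not Shibboleth code: it assumes the "session id" in question is the SAML 2.0 `SessionIndex` attribute on `AuthnStatement`, and it runs over constructed, unsigned sample assertions with hypothetical `example.org` entity IDs.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def _assertion(audience, session_index):
    # Constructed minimal assertion (unsigned); not captured from a real IdP.
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'ID="_a" Version="2.0" IssueInstant="2009-05-09T23:45:10Z">'
        '<saml:Issuer>https://idp.example.org/idp</saml:Issuer>'
        '<saml:Conditions><saml:AudienceRestriction>'
        f'<saml:Audience>{audience}</saml:Audience>'
        '</saml:AudienceRestriction></saml:Conditions>'
        '<saml:AuthnStatement AuthnInstant="2009-05-09T23:45:00Z" '
        f'SessionIndex="{session_index}"/>'
        '</saml:Assertion>'
    )

def session_indexes(xml_text):
    """Return (audiences, SessionIndex values) found in one assertion."""
    # Stdlib parser is used on constructed input only; real messages need a
    # hardened XML parser and signature validation before any inspection.
    root = ET.fromstring(xml_text)
    audiences = {a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text}
    indexes = {s.get("SessionIndex")
               for s in root.iterfind(".//saml:AuthnStatement", NS)
               if s.get("SessionIndex")}
    return audiences, indexes

def correlatable(assertions):
    """Map each SessionIndex seen by more than one audience to those audiences."""
    seen = defaultdict(set)
    for xml_text in assertions:
        audiences, indexes = session_indexes(xml_text)
        for idx in indexes:
            seen[idx] |= audiences
    return {idx: sorted(auds) for idx, auds in seen.items() if len(auds) > 1}

SP1 = "https://sp1.example.org/shibboleth"  # hypothetical SP entity IDs
SP2 = "https://sp2.example.org/shibboleth"
# Same value handed to two SPs: the two sites could link the sessions.
SHARED = [_assertion(SP1, "_s1"), _assertion(SP2, "_s1")]
# Per-SP values; a follow-up assertion to the same SP may repeat its own value.
DISTINCT = [_assertion(SP1, "_s1"), _assertion(SP1, "_s1"), _assertion(SP2, "_s2")]
```

`correlatable(SHARED)` reports the reused value together with both audiences, while `correlatable(DISTINCT)` returns an empty mapping.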