shibboleth-dev - RE: [Shib-Dev] Implementing SLO and help on finding out authenitcated service providers
Subject: Shibboleth Developers
List archive
RE: [Shib-Dev] Implementing SLO and help on finding out authenitcated service providers
Chronological Thread
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: [Shib-Dev] Implementing SLO and help on finding out authenitcated service providers
- Date: Sun, 12 Jul 2009 16:30:40 -0400
- Organization: The Ohio State University
Chad La Joie wrote on 2009-07-12:
> I'll have to discuss it with Scott. I haven't studied the SLO profile
> enough to say for certain what the IdP needs to retain.
You have to retain the NameID used in the original assertion issued to each
SP. That's the lookup key between the IdP and SP. The SessionIndex is
probably needed if we're populating that to begin with in the assertion,
because normally logout is only meant to apply to a particular set of
sessions.
Transients don't "change" within the context of a particular session, but
are different by definition between SPs, so saving a single NameID isn't
enough.
I don't know whether we "expire" the transient ID mappings now on a
different schedule from the assertion validity, but I probably wouldn't do
that.
But the mapping on the IdP side would have to be from NameID to session in
order to support SP-initiated logout over back channel, if we decided to
support that.
-- Scott
<<attachment: winmail.dat>>
- Implementing SLO and help on finding out authenitcated service providers, Dharam Veer, 07/12/2009
- Re: [Shib-Dev] Implementing SLO and help on finding out authenitcated service providers, Chad La Joie, 07/12/2009
- Re: [Shib-Dev] Implementing SLO and help on finding out authenitcated service providers, Adam Lantos, 07/12/2009
- Re: [Shib-Dev] Implementing SLO and help on finding out authenitcated service providers, Chad La Joie, 07/12/2009
- Re: [Shib-Dev] Implementing SLO and help on finding out authenitcated service providers, Adam Lantos, 07/12/2009
- Re: [Shib-Dev] Implementing SLO and help on finding out authenitcated service providers, Chad La Joie, 07/12/2009
- Re: [Shib-Dev] Implementing SLO and help on finding out authenitcated service providers, Adam Lantos, 07/12/2009
- Re: [Shib-Dev] Implementing SLO and help on finding out authenitcated service providers, Chad La Joie, 07/12/2009
- Re: [Shib-Dev] Implementing SLO and help on finding out authenitcated service providers, Adam Lantos, 07/12/2009
- Re: [Shib-Dev] Implementing SLO and help on finding out authenitcated service providers, Adam Lantos, 07/12/2009
- RE: [Shib-Dev] Implementing SLO and help on finding out authenitcated service providers, Scott Cantor, 07/12/2009
- Message not available
- Re: [Shib-Dev] Implementing SLO and help on finding out authenitcated service providers, Adam Lantos, 07/12/2009
- RE: [Shib-Dev] Implementing SLO and help on finding out authenitcated service providers, Scott Cantor, 07/12/2009
- Message not available
- Re: [Shib-Dev] Implementing SLO and help on finding out authenitcated service providers, Adam Lantos, 07/12/2009
- Re: [Shib-Dev] Implementing SLO and help on finding out authenitcated service providers, Adam Lantos, 07/14/2009
- Re: [Shib-Dev] Implementing SLO and help on finding out authenitcated service providers, Adam Lantos, 07/14/2009
- RE: [Shib-Dev] Implementing SLO and help on finding out authenitcated service providers, Scott Cantor, 07/14/2009
- Re: [Shib-Dev] Implementing SLO and help on finding out authenitcated service providers, Chad La Joie, 07/12/2009
- Re: [Shib-Dev] Implementing SLO and help on finding out authenitcated service providers, Adam Lantos, 07/12/2009
- Re: [Shib-Dev] Implementing SLO and help on finding out authenitcated service providers, Chad La Joie, 07/12/2009
- Re: [Shib-Dev] Implementing SLO and help on finding out authenitcated service providers, Adam Lantos, 07/12/2009
- Re: [Shib-Dev] Implementing SLO and help on finding out authenitcated service providers, Chad La Joie, 07/12/2009
Archive powered by MHonArc 2.6.16.