[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: AI 270: IdP discovery profile errata
Description: There is confusion over how the contents of an IdP Discovery cookie are meant to be interpreted because of the allowance for specifying either persistent or session lifetime. Proposal: Profiles, section 4.3 Insert paragraph after line 1105: Note that while a session-only cookie can be used, the intent of this profile is not to provide a means of determining whether a user actually has an active session with one or more of the identity providers stored in the cookie. The cookie merely identifies identity providers known to have been used in the past. Service providers MAY instead rely on the IsPassive attribute in their samlp:AuthnRequest message to probe for active sessions. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]