Dynamic Sessions. OASIS Security Services Face to Face #3 June 25, 2001. Motivation.
The purpose of Dynamic Sessions is to allow the federation of SAML-aware applications into a cooperative ecosystem that presents users and administrators with a single, global login session across all of the participating applications in the ecosystem.
Local Session – A set of state information shared between a client application and the Resource Manager. This information is used for tracking the user's activity within the overall system. Example implementation: javax.servlet.http.HttpSession.
Global Session – The union of the set of local sessions maintained by various Resource Managers that apply to the same Principal and Authentication Assertion.
Resource Manager – An Entity within a distributed system that is responsible for managing resources. A Resource Manager can encapsulate or be closely coupled with a PEP.
Session Authority – The System Entity responsible for maintaining Global Session state and issuing Session Assertions.
Session Assertion – A SAML Assertion that contains information about the state of a Global Session and (possibly) references to the Authentication Assertion that was used to initiate the session.
Session Participant – A Resource Manager that normally tracks and maintains Local Sessions and that has also chosen to participate in the Global Sessions system.
There are two interesting possibilities for the relationship between Global Session Timeouts and Local Session Timeouts: either the Local Session Timeout exceeds the Global Session Timeout, or the Global Session Timeout exceeds the Local Session Timeout.
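The two timeout relationships above, worked through as an added example (not code from the presentation or from any SAML implementation). It assumes both timeouts are idle timeouts in seconds and that activity at any Session Participant counts as activity on the Global Session; all class names, state labels and sample values are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class LocalSession:
    """State a Session Participant (Resource Manager) keeps for one client."""
    last_activity: float
    timeout: float  # assumption: idle timeout, in seconds

    def live(self, now: float) -> bool:
        return now - self.last_activity < self.timeout

@dataclass
class GlobalSession:
    """Union of the local sessions for one Principal and Authentication Assertion."""
    principal: str
    authn_assertion_id: str
    timeout: float  # assumption: idle timeout over activity at any participant
    local: dict = field(default_factory=dict)  # resource manager name -> LocalSession

    def record_activity(self, rm: str, now: float, local_timeout: float) -> None:
        self.local[rm] = LocalSession(now, local_timeout)

    def live(self, now: float) -> bool:
        latest = max(s.last_activity for s in self.local.values())
        return now - latest < self.timeout

    def state_at(self, rm: str, now: float) -> str:
        local_ok, global_ok = self.local[rm].live(now), self.live(now)
        if local_ok and global_ok:
            return "active"
        if local_ok:
            return "local-outlives-global"  # Local Session Timeout > Global
        if global_ok:
            return "global-outlives-local"  # Global Session Timeout > Local
        return "expired"

def demo() -> dict:
    # Constructed sample data: names, ids and timeouts are illustrative only.
    a = GlobalSession("alice", "authn-1", timeout=900)
    a.record_activity("rm-portal", now=0, local_timeout=1800)
    b = GlobalSession("bob", "authn-2", timeout=3600)
    b.record_activity("rm-portal", now=0, local_timeout=600)
    b.record_activity("rm-mail", now=900, local_timeout=600)
    return {"case1": a.state_at("rm-portal", 1000),
            "case2": b.state_at("rm-portal", 1000),
            "case2_mail": b.state_at("rm-mail", 1000),
            "late": b.state_at("rm-portal", 5000)}
```

In the first case the participant still holds a live Local Session after the Global Session has lapsed, so under these assumptions a purely local check would keep honouring a login that the Session Authority no longer considers valid.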
Resource Managers may elect to participate in Dynamic Sessions by either: