[prev in list] [next in list] [prev in thread] [next in thread] 

List:       shibboleth-users
Subject:    Re: [Shib-Users] Broke - delete user session
From:       "Cantor, Scott E." <cantor.2 () osu ! edu>
Date:       2011-03-26 18:54:56
Message-ID: C9B3F4C7.7381%cantor.2 () osu ! edu
[Download RAW message or body]

On 3/26/11 3:14 PM, "Martins Purins" <mpurins@gmail.com> wrote:
>In general case application holder, should contact IDP holder or even
>user DB holder through IDP holder. It takes the time. There is no
>reason to reload SP, before user is not "locked".

That's what authorization is for, assuming you're dealing with users on
the basis of a persistent identifier.

>Lack of possibility to force user logout, can be serious drawback for
>lot of production systems.

Only if those systems have no authorization capabilities.

-- Scott


[prev in list] [next in list] [prev in thread] [next in thread]