Dynamic Sessions
Assumptions
• Builds on Browser Binding
• Sessions
  • Security related
  • Limit Assertion validity
• Central Session Authority (SA)
  • Maintains global sessions
• Participant Sites (PS)
  • Maintain local sessions

Requirements
• User experiences a seamless distributed session
• Session operations
  • Session Start
  • User signoff
  • Admin signoff
  • Idle timeout – single global timeout interval
• Participant sites choose their level of participation
  • Session start only
  • Ignore timeout
  • Full

Session Start
• Prior authentication
• Browser contacts PS
• PS obtains Session Assertion from SA
• SA records PS for this session
• PS implements local session
[Diagram: Browser, Participant Site, Session Authority]

User or Admin Signoff
• User or Admin requests signoff
• Session Authority informs PSs
  • One-way, or request/response
  • Alternative: PS queries the SA
[Diagram: Participant Sites, Browser, Session Authority]

Session Idle Timeout
• Two phases
  • Discovery
  • Signoff – same as user or admin signoff above
• Participant options
  • Synchronized local session
  • Shorter local session timeout
  • Longer local session timeout

PS Timeout Options
• Longer local timeout
  • Ignore signoff message
  • Timeout based on local touch
  • Potentially inconsistent user experience
• Shorter local timeout
  • Local session ends
  • User returns – appears to the PS the same as a new user
  • PS contacts SA – global session still in progress
  • Local session re-established

Timeout Discovery Option 1
• SA sets session touch time at each session start
• PSs report all recent touches to SA at a fixed interval
• SA calculates timeout
[Diagram: Participant Sites, Session Authority]

Timeout Discovery Option 2
• SA sets session touch time at each session start
• When session touch exceeds timeout, SA queries all PSs that have not reported recently
• PSs report all recent touch times – all sessions
[Diagram: Participant Sites, Session Authority]

Comparison
• State maintained is the same
  • PSs – touch times for all sessions
  • SA – per session: most recent touch and PS list; last report time per PS
• Option 1: simpler algorithm for the SA
• Option 2: much less network traffic under any reasonable assumptions about the number of PSs, users, and PSs per user
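The following simulation is an added example, not code from the presentation, covering the whole protocol sketched on the slides: session start with an assertion of limited validity, one-way signoff from the SA, a participant site with a shorter local timeout that re-establishes its local session from the still-running global session, and both timeout discovery options with a count of SA/PS messages for the comparison. All class, method and field names, the concrete timeout values, the scenario, and the reading of "not reported recently" as "reported within the last second" (so a PS just queried for one session is not queried again for another) are assumptions made here.

```python
import secrets
from dataclasses import dataclass, field

GLOBAL_IDLE_TIMEOUT = 30   # single global idle interval (simulated seconds), per the slides
ASSERTION_TTL = 5          # "limit assertion validity": redeem within 5 s (assumed value)
REPORT_INTERVAL = 10       # Option 1: every PS reports at this fixed interval (assumed value)
RECENT_REPORT = 1          # Option 2: a PS that reported within 1 s is not re-queried (assumed)


@dataclass
class SessionAssertion:
    session_id: str
    nonce: str        # one-time value so a captured assertion cannot be replayed at the PS
    issued_at: int


@dataclass
class GlobalSession:
    user: str
    last_touch: int                                   # most recent touch known to the SA
    participants: set = field(default_factory=set)    # PS list for this session
    active: bool = True


class ParticipantSite:
    """Maintains local sessions; local_timeout may be synchronized, shorter or longer."""
    def __init__(self, name, local_timeout=GLOBAL_IDLE_TIMEOUT):
        self.name, self.local_timeout = name, local_timeout
        self.touches = {}         # session_id -> most recent local touch time
        self.seen_nonces = set()

    def establish(self, assertion, now):
        """Session Start at the PS: reject stale or replayed assertions."""
        if now - assertion.issued_at > ASSERTION_TTL or assertion.nonce in self.seen_nonces:
            return False
        self.seen_nonces.add(assertion.nonce)
        self.touches[assertion.session_id] = now
        return True

    def has_local_session(self, sid, now):
        t = self.touches.get(sid)
        return t is not None and now - t <= self.local_timeout

    def end_local(self, sid):
        self.touches.pop(sid, None)


class SessionAuthority:
    """Maintains global sessions; drives signoff and timeout discovery."""
    def __init__(self, option):
        self.option = option      # 1 = periodic PS reports, 2 = query on demand
        self.sessions = {}        # session_id -> GlobalSession
        self.last_report = {}     # PS name -> time of its last report
        self.messages = 0         # SA<->PS messages exchanged, for the comparison slide

    def start(self, user, ps, now):
        """PS obtains a Session Assertion; SA records the PS. Prior authentication assumed.
        If the user's global session is still in progress, the same session is reused."""
        sid = next((s for s, g in self.sessions.items() if g.user == user and g.active), None)
        if sid is None:
            sid = secrets.token_hex(8)
            self.sessions[sid] = GlobalSession(user, now)
        g = self.sessions[sid]
        g.participants.add(ps.name)
        g.last_touch = now
        self.messages += 2        # request + response
        return SessionAssertion(sid, secrets.token_hex(8), now)

    def signoff(self, sid, sites):
        """User or Admin Signoff: one-way notice to every PS on the session's list."""
        g = self.sessions[sid]
        g.active = False
        for name in g.participants:
            sites[name].end_local(sid)
            self.messages += 1

    def receive_report(self, ps, now):
        """A PS reports its most recent touch time for every session it holds."""
        self.last_report[ps.name] = now
        for sid, t in ps.touches.items():
            g = self.sessions.get(sid)
            if g is not None and g.active:
                g.last_touch = max(g.last_touch, t)

    def tick(self, now, sites):
        """Timeout Discovery, run once per simulated second."""
        if self.option == 1 and now % REPORT_INTERVAL == 0:
            for ps in sites.values():               # Option 1: everyone reports on schedule
                self.receive_report(ps, now)
                self.messages += 1
        for sid, g in self.sessions.items():
            if not g.active or now - g.last_touch <= GLOBAL_IDLE_TIMEOUT:
                continue
            if self.option == 2:                    # Option 2: ask only when a session looks idle
                for name in g.participants:
                    if now - self.last_report.get(name, -RECENT_REPORT - 1) > RECENT_REPORT:
                        self.receive_report(sites[name], now)
                        self.messages += 2          # query + response
                if now - g.last_touch <= GLOBAL_IDLE_TIMEOUT:
                    continue                        # a PS held a touch the SA had not seen
            self.signoff(sid, sites)                # second phase: same as signoff


def run_scenario(option):
    """Constructed scenario: alice uses ps_a and ps_b (shorter local timeout), bob uses ps_c;
    alice keeps working at ps_a every 20 s, bob goes idle after starting."""
    sa = SessionAuthority(option)
    sites = {"ps_a": ParticipantSite("ps_a"),
             "ps_b": ParticipantSite("ps_b", local_timeout=10),
             "ps_c": ParticipantSite("ps_c")}
    starts = {0: ("alice", "ps_a"), 1: ("alice", "ps_b"), 2: ("bob", "ps_c")}
    sids, ended, reestablished = {}, {}, False
    for now in range(70):
        if now in starts:
            user, name = starts[now]
            a = sa.start(user, sites[name], now)
            assert sites[name].establish(a, now)
            sids[user] = a.session_id
        if now in (20, 40, 60):
            sites["ps_a"].touches[sids["alice"]] = now
        if now == 15 and not sites["ps_b"].has_local_session(sids["alice"], now):
            a = sa.start("alice", sites["ps_b"], now)   # alice looks like a new user to ps_b
            reestablished = sites["ps_b"].establish(a, now) and a.session_id == sids["alice"]
        sa.tick(now, sites)
        for user, sid in sids.items():
            if not sa.sessions[sid].active and user not in ended:
                ended[user] = now
    return {"messages": sa.messages, "ended": ended, "reestablished": reestablished}
```

Running run_scenario(1) and run_scenario(2) ends bob's session at the same time under both options, but Option 2 exchanges half as many messages in this small scenario, and the gap widens with the number of PSs, since Option 1 costs one report per PS per interval whether or not anything is idle.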