Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dynamic Sessions. Assumptions Builds on Browser Binding Sessions –Security related –Limit Assertion validity Central Session Authority –Maintains global.

Published byGrace Warren Modified over 9 years ago

Similar presentations

Presentation on theme: "Dynamic Sessions. Assumptions Builds on Browser Binding Sessions –Security related –Limit Assertion validity Central Session Authority –Maintains global."— Presentation transcript:

1 Dynamic Sessions

2 Assumptions Builds on Browser Binding Sessions –Security related –Limit Assertion validity Central Session Authority –Maintains global sessions Participant Sites –Maintain local sessions

3 Requirements User experiences seamless distributed session Session operations –Session Start –User signoff –Admin signoff –Idle timeout – single global timeout interval Participant sites choose level of participation –Session start only –Ignore timeout –Full

4 Session Start Prior Authentication Browser contacts PS PS obtains Session Assertion from SA SA records PS for this session PS implements local session Session Authority Participant Site Browser

5 User or Admin Signoff User or Admin requests signoff Session Authority informs PSs One way or Req/Resp PS query alternative Session Authority Participant Sites Browser

6 Session Idle Timeout Two phases –Discovery –Signoff – same as in previous Participant Options –Synchronized local session –Shorter local session timeout –Longer local session timeout

7 PS Timeout Options Longer local timeout –Ignore signoff message –Timeout based on local touch –Potentially inconsistent user experience Shorter local timeout –Local session ends –User returns – appears to PS same as new user –Contacts SA – global session still in progress –Local session reestablished

8 Timeout Discovery Option 1 SA sets session touch time at each session start PSs report all recent touches to SA at fixed interval SA calculates timeout Session Authority Participant Sites

9 Timeout Discovery Option 2 SA sets session touch time at each session start When session touch exceeds timeout, SA queries all PSs not reported recently PSs report all recent touch times – all sessions Session Authority Participant Sites

10 Comparison State maintained same –PSs - touch times all sessions –SA – per session - most recent touch & PS list, last report time per PS Option 1 simpler algorithm for SA Option 2 much less net traffic under any reasonable assumptions about # of PSs, users and PSs per user

Download ppt "Dynamic Sessions. Assumptions Builds on Browser Binding Sessions –Security related –Limit Assertion validity Central Session Authority –Maintains global."

Similar presentations

What’s New in Fireware XTM v11.3.4

What’s New in Fireware XTM v11.3.4
Drybridge Consulting Party Identification Directory Installing the Microsoft Research Service IDEAlliance and Drybridge Consulting – collaborating to deliver.

Drybridge Consulting Party Identification Directory Installing the Microsoft Research Service IDEAlliance and Drybridge Consulting – collaborating to deliver.
PAWS: Use Cases I-D: draft-ietf-paws-problem-stmt-usecases-rqmts Basavaraj Patil, Scott Probasco (Nokia) Juan Carlos Zuniga (Interdigital) IETF 82.

PAWS: Use Cases I-D: draft-ietf-paws-problem-stmt-usecases-rqmts Basavaraj Patil, Scott Probasco (Nokia) Juan Carlos Zuniga (Interdigital) IETF 82.
AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
CS 603 Process Synchronization: The Colored Ticket Algorithm February 13, 2002.

CS 603 Process Synchronization: The Colored Ticket Algorithm February 13, 2002.
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Dynamic Sessions OASIS Security Services Face to Face #3 June 25, 2001.

Dynamic Sessions OASIS Security Services Face to Face #3 June 25, 2001.
Choose and Book Archive New functionality from November 2012.

Choose and Book Archive New functionality from November 2012.
State of DNS Security Extensions Edward Lewis February 26, 2001 APRICOT 2001 Panel.

State of DNS Security Extensions Edward Lewis February 26, 2001 APRICOT 2001 Panel.
Brewer’s Conjecture and the Feasibility of Consistent, Available, Partition-Tolerant Web Services Authored by: Seth Gilbert and Nancy Lynch Presented by:

Brewer’s Conjecture and the Feasibility of Consistent, Available, Partition-Tolerant Web Services Authored by: Seth Gilbert and Nancy Lynch Presented by:
THE CASE FOR PREFETCHING AND PREVALIDATING TLS SERVER CERTIFICATES Emily Stark, Lin-Shung Huang, Dinesh Israni, Collin Jackson, Dan Boneh Presented by:

THE CASE FOR PREFETCHING AND PREVALIDATING TLS SERVER CERTIFICATES Emily Stark, Lin-Shung Huang, Dinesh Israni, Collin Jackson, Dan Boneh Presented by:
What will change? Effective January 2013, the eCheck/eTravel System will no longer use social security numbers. Rather than using SSNs, each record will.

What will change? Effective January 2013, the eCheck/eTravel System will no longer use social security numbers. Rather than using SSNs, each record will.
Distributed Databases John Ortiz. Lecture 24Distributed Databases2  Distributed Database (DDB) is a collection of interrelated databases interconnected.

Distributed Databases John Ortiz. Lecture 24Distributed Databases2  Distributed Database (DDB) is a collection of interrelated databases interconnected.
Online Test Administration Overview Copyright © 2014 American Institutes for Research. All rights reserved. Training Module.

Online Test Administration Overview Copyright © 2014 American Institutes for Research. All rights reserved. Training Module.
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)

1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)
Online Security Tuesday April 8, 2003 Maxence Crossley.

Online Security Tuesday April 8, 2003 Maxence Crossley.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.

Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.
HRMS Unit Liaisons November 17, 2006 1 Two-Factor Authentication Update Information for Unit Liaisons  Phase 6 MToken distribution (UMHS and Medical School)

HRMS Unit Liaisons November 17, Two-Factor Authentication Update Information for Unit Liaisons  Phase 6 MToken distribution (UMHS and Medical School)

Similar presentations

Ads by Google