Dynamic Sessions
Assumptions
• Builds on Browser Binding
• Sessions
  – Security related
  – Limit Assertion validity
• Central Session Authority
  – Maintains global sessions
• Participant Sites
  – Maintain local sessions
Requirements
• User experiences seamless distributed session
• Session operations
  – Session Start
  – User signoff
  – Admin signoff
  – Idle timeout – single global timeout interval
• Participant sites choose level of participation
  – Session start only
  – Ignore timeout
  – Full
Session Start
• Prior Authentication
• Browser contacts PS
• PS obtains Session Assertion from SA
• SA records PS for this session
• PS implements local session
[Diagram: Browser, Participant Site, Session Authority]
User or Admin Signoff
• User or Admin requests signoff
• Session Authority informs PSs
  – One way or Req/Resp
  – PS query alternative
[Diagram: Participant Sites, Browser, Session Authority]
Session Idle Timeout
• Two phases
  – Discovery
  – Signoff – same as in previous
• Participant Options
  – Synchronized local session
  – Shorter local session timeout
  – Longer local session timeout
PS Timeout Options
• Longer local timeout
  – Ignore signoff message
  – Timeout based on local touch
  – Potentially inconsistent user experience
• Shorter local timeout
  – Local session ends
  – User returns – appears to PS same as new user
  – Contacts SA – global session still in progress
  – Local session reestablished
Timeout Discovery Option 1
• SA sets session touch time at each session start
• PSs report all recent touches to SA at fixed interval
• SA calculates timeout
[Diagram: Participant Sites, Session Authority]
Timeout Discovery Option 2
• SA sets session touch time at each session start
• When session touch exceeds timeout, SA queries all PSs not reported recently
• PSs report all recent touch times – all sessions
[Diagram: Participant Sites, Session Authority]
Comparison
• State maintained same
  – PSs – touch times, all sessions
  – SA – per session: most recent touch & PS list; last report time per PS
• Option 1 simpler algorithm for SA
• Option 2 much less net traffic under any reasonable assumptions about # of PSs, users and PSs per user
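As an added example (not part of the slide deck), the following Python simulation models the Session Start exchange, the "shorter local timeout" reestablishment path, signoff propagation from the SA to its PS list, and Timeout Discovery Option 2. The class and method names, the assertion validity limit and the "reported recently" window are assumptions of this example; the state kept on each side is the state the Comparison slide lists (PS: touch times for all local sessions; SA: per-session most recent touch and PS list, plus last report time per PS). `queries_sent` counts Option 2 messages so the traffic claim can be checked on a concrete run.

```python
# Added example, not from the slides: a simulation of the Session Authority (SA)
# and Participant Site (PS) protocol with Timeout Discovery Option 2.  Names,
# the assertion validity limit and the "reported recently" window are assumptions.
import itertools
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class GlobalSession:
    user: str
    last_touch: float                              # most recent touch known to SA
    sites: Set[str] = field(default_factory=set)   # PS list for this session
    active: bool = True


class SessionAuthority:
    def __init__(self, global_timeout: float, assertion_validity: float = 60.0,
                 report_freshness: float = 30.0):
        self.global_timeout = global_timeout           # single global idle interval
        self.assertion_validity = assertion_validity   # limits assertion validity
        self.report_freshness = report_freshness       # "reported recently" window
        self.sessions: Dict[str, GlobalSession] = {}
        self.sites: Dict[str, "ParticipantSite"] = {}
        self.last_report: Dict[str, float] = {}        # last report time per PS
        self.queries_sent = 0                          # Option 2 traffic counter
        self._ids = itertools.count(1)

    def create_session(self, user: str, now: float) -> str:
        # After prior authentication the SA opens the global session.
        sid = f"sess-{next(self._ids)}"
        self.sessions[sid] = GlobalSession(user=user, last_touch=now)
        return sid

    def issue_assertion(self, sid: str, site: str, now: float) -> Optional[dict]:
        # Local session start: record the PS and set the session touch time.
        s = self.sessions.get(sid)
        if s is None or not s.active:
            return None
        s.sites.add(site)
        s.last_touch = now
        return {"session": sid, "user": s.user, "not_after": now + self.assertion_validity}

    def signoff(self, sid: str) -> List[str]:
        # User or admin signoff: end the global session and inform every PS.
        s = self.sessions[sid]
        s.active = False
        for name in sorted(s.sites):
            self.sites[name].end_local(sid)
        return sorted(s.sites)

    def receive_report(self, site: str, touches: Dict[str, float], now: float) -> None:
        # A PS reports its most recent touch for all local sessions it holds.
        self.last_report[site] = now
        for sid, t in touches.items():
            s = self.sessions.get(sid)
            if s is not None and t > s.last_touch:
                s.last_touch = t

    def check_timeouts(self, now: float) -> List[str]:
        # Option 2: only a session that looks idle triggers queries, and only to
        # the PSs on its list that have not reported recently.
        expired = []
        for sid, s in self.sessions.items():
            if not s.active or now - s.last_touch < self.global_timeout:
                continue
            for name in sorted(s.sites):
                if now - self.last_report.get(name, float("-inf")) > self.report_freshness:
                    self.queries_sent += 1
                    self.receive_report(name, self.sites[name].report_touches(), now)
            if now - s.last_touch >= self.global_timeout:   # still idle: sign off
                self.signoff(sid)
                expired.append(sid)
        return expired


class ParticipantSite:
    # A PS choosing the "shorter local timeout" option.
    def __init__(self, name: str, sa: SessionAuthority, local_timeout: float):
        self.name, self.sa, self.local_timeout = name, sa, local_timeout
        self.local: Dict[str, float] = {}   # session id -> last local touch
        sa.sites[name] = self

    def browser_request(self, sid: str, now: float) -> str:
        last = self.local.get(sid)
        if last is not None and now - last < self.local_timeout:
            self.local[sid] = now
            return "touch"
        # No usable local session: contact the SA for a Session Assertion.
        if self.sa.issue_assertion(sid, self.name, now) is None:
            self.local.pop(sid, None)
            return "new_user"          # global session is over: same as new user
        self.local[sid] = now
        return "start" if last is None else "reestablished"

    def report_touches(self) -> Dict[str, float]:
        return dict(self.local)

    def end_local(self, sid: str) -> None:
        self.local.pop(sid, None)
```

In this model the SA sends no discovery traffic while every session's last known touch is within the global interval; it only queries the PSs on an apparently idle session's list, and a PS that reported inside the freshness window is not asked again. Option 1 would instead have every PS report on a fixed interval whether or not anything is idle, which is the traffic difference the Comparison slide points at. The `report_freshness` window is the example's reading of "not reported recently"; a deployment would have to pick it so a touch that happened after a PS's last report is still discovered before the session is signed off.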