SP clock skew for Weblogic

Cantor, Scott cantor.2 at osu.edu
Wed Nov 9 16:34:02 GMT 2011

On 11/9/11 11:01 AM, "Joseph Valerio" <joseph.valerio at yale.edu> wrote:
>    I know that shib's SP allows
>    for such a skew and I completely agree that this setting belongs in
>    the SP, but is there anything in the SAML 2.0 specification that
>    hints to such a practice?

No, this is in the domain of "how do you implement a protocol that
requires clock synchronization?". I wouldn't expect the Kerberos RFC to
say anything about it either.

That said, there's never going to be an implementation guidelines document
for SAML, so failing that, my suggestion would be that you send a comment
to the security-services-comment list suggesting an errata to the spec
about it. We add SHOULDs for implementers when it makes sense.

-- Scott

