[Openid-specs-risc] Session Extension Event
Dawud Gordon
dawud at twosense.ai
Tue Aug 18 14:40:04 UTC 2020
Hello All,
On our last call, I proposed adding an event to extend a session for a
user+device+session.
My goal was to enable CAE to perform with an IdP with a short session
configuration, where signals and events keep sessions open when trusted,
rather than only closing them when risk is identified.
This was met with some resistance and I understand that CAEP is designed
for long sessions with external risk signals instead of trust signals.
>From my perspective, we would only need one component for CAEP to support
both modalities, which would be an event to push a trust-based session
extension signal from a 3rd party to the IdP.
Without this, it would be an IdP specific implementation outside of CAEP.
Are there previous discussions on this I can catch up on? Or any blatant
reasons I'm overlooking why this is a bad idea?
Thanks!
Cheers,
-dawud
--
Dawud Gordon, PhD
TWOSENSE.AI | CEO & Co-Founder
195 Montague St, Brooklyn, NY 11201
+1 (845) 652 3579
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-risc/attachments/20200818/8a6294d9/attachment.html>
More information about the Openid-specs-risc
mailing list