In the rules for joining the federation, it's stated:
"The End User Organisation must ensure that sufficient logging information
is retained to be able to associate a particular End User with a given
session that it has authenticated."
Could someone clarify what is meant by "End User" and "session"?
Is an IdP expected to log and match local credentials, such as username,
to a session id that will make sense to an SP?
i.e. is an SP expected to be able to say to an IdP "this session id caused
me problems - who was it?"
thanks,
Alistair
--
mov eax,1
mov ebx,0
int 80h