Association Handles and Service URIs

Marius Scurtescu marius at
Thu Aug 24 22:24:39 UTC 2006

On 24-Aug-06, at 3:07 PM, Kevin Turner wrote:

> On Thu, 2006-08-24 at 14:44 -0700, Marius Scurtescu wrote:
>> - are these handles supposed to be globally unique (across all IdPs)?
>> - why can't we just use the IdP service URI as an implicit handle?
> An IdP should use a different association for every RP.  An IdP will
> likely only know an association by this handle, it will not know the URI
> of the RP at the time the association is issued.

The RP URI (or the Trust Root) could be sent by the RP with the
"associate" request.

> In contrast, an RP will be aware of which IdP it requested an
> association from.

So the RP does not really need this handle then, right?

>> - the association expiry time is expressed as a period of time, what
>> is the starting point?
> now.

Yes, but 'now' is relative. Between the time an association is created by
the IdP (IdP's now) and the time it is sent back and parsed by the RP (RP's
now) there is a gap. In most cases this gap is negligible, but it can create
borderline issues.
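
An added example, not from this thread or from either poster, of how an RP can anchor the relative "expires_in" so the gap described above cannot make it trust an association the IdP has already dropped; the field names, the safety margin and the handle value are assumptions:

```python
# Added example (not part of the original thread): turning the IdP's relative
# "expires_in" into an absolute expiry on the RP side.  The RP records its own
# clock just before sending the "associate" request; the IdP's "now" cannot be
# earlier than that, so anchoring the lifetime to the send time (not the parse
# time) errs on the safe side: the RP stops using the association before the
# IdP does, never after.

import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Association:
    handle: str        # assumed field name
    expires_at: float  # absolute time in seconds on the RP's clock


def association_from_response(handle: str, expires_in: int, sent_at: float,
                              safety_margin: int = 60) -> Association:
    """Build an association whose expiry is anchored to the request send time.

    expires_in: the IdP's relative lifetime in seconds.
    sent_at: RP-clock timestamp taken immediately before the request was sent.
    safety_margin: extra seconds shaved off to absorb the transfer gap and
    small clock differences (an assumed value, not from the spec).
    """
    if expires_in <= 0:
        raise ValueError("expires_in must be positive")
    lifetime = max(0, expires_in - safety_margin)
    return Association(handle=handle, expires_at=sent_at + lifetime)


def is_usable(assoc: Association, now: float) -> bool:
    """True while the RP may still rely on the association."""
    return now < assoc.expires_at


def demo() -> bool:
    sent_at = time.time()
    parsed_at = sent_at + 5          # simulate the IdP -> RP gap
    assoc = association_from_response("constructed-handle-1", 1209600, sent_at)
    # Usable right after parsing, already retired at the IdP's nominal expiry.
    return is_usable(assoc, parsed_at) and not is_usable(assoc, sent_at + 1209600)


if __name__ == "__main__":
    print("association handling ok:", demo())
```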

