|
|
|
Based on the values of the Validity Duration and Skew Time, the assertion generator calculates the total time that the assertion is valid. In the assertion document, the beginning and end of the validity interval is represented by the NotBefore and NotOnOrAfter values.
To determine the beginning of the validity interval, the assertion generator takes the system time when the assertion is generated and sets the IssueInstant value in the assertion according to this time. It then subtracts the Skew Time value from the IssueInstant value. The resulting time becomes the NotBefore value.
To determine the end of the validity interval, the assertion generator adds the Validity Duration value and the Skew Time together. The resulting time becomes the NotOnOrAfter value.
For example, an assertion is generated at the producer at 1:00 GMT. The skew time is 30 seconds and the validity duration is 60 seconds, making the assertion validity interval between 12:59:30 GMT and 1:01:30 GMT. This interval begins 30 seconds prior to the time the assertion was generated and ends 90 seconds afterward.
Note: Times are relative to GMT.
| Copyright © 2010 CA. All rights reserved. | Email CA about this topic |