In R&E circles, session lifetimes tend to align with the lifetime of a user’s Kerberos ticket-getting-ticket (for those that used or still use Kerberos). I think that is 10 hours, to cover a normal work day with padding built in. I don’t know that that is what libraries want, but it’s what most R&E IdPs tend to offer.
Nick
On 25 Feb 2020, at 4:19, Koren, Meshna (ELS-AMS) wrote:
Dear all,
I have another question which I posted on another thread earlier...
From the library's perspective, what is a reasonable time for an SP to maintain a session for a user?
It would have been possible for Elsevier to maintain a session for any lenght of time - but is that desirable by the libraries? Should we confirm with the library that a user is still affiliated with it whenever a user wants to access the service (such as ScienceDirect)? Or every day? Every week? Every month? Every 6 months?
Thanks, Meshna
Meshna Koren
Associate Product Manager Product Management - Identity and Access - Research Products
Elsevier BV Radarweg 29, Amsterdam 1043 NX, The Netherlands m.koren@elsevier.commailto:m.koren@elsevier.com
Federated Access - SAML, Shibboleth, Corporate SSO, OpenAthens, Institutional Login
Elsevier B.V. Registered Office: Radarweg 29, 1043 NX Amsterdam, The Netherlands, Registration No. 33156677, Registered in The Netherlands.
FIM4L mailing list FIM4L@lists.daasi.de http://lists.daasi.de/listinfo/fim4l