Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Define timeouts and request limits for authenticated sessions #51

Open
marsella opened this issue Jul 29, 2022 · 1 comment
Open

Define timeouts and request limits for authenticated sessions #51

marsella opened this issue Jul 29, 2022 · 1 comment

Comments

@marsella
Copy link
Contributor

Currently, the systems architecture section of the specification defines sessions that allow exactly one operation after successful authentication.

In practice, this is inefficient. A better approach is to set a reasonable heuristic for the number of requests that can be made for a single authentication, and to set a timeout for how long a session can be open (in general, and without an active request).

This should be defined for both a registration session and a request session.
@marsella marsella mentioned this issue Jul 29, 2022
Merged
@indomitableSwan
Copy link
Contributor

Additional considerations include the nature of the given request, i.e.., some requests are more sensitive than others.

@indomitableSwan indomitableSwan changed the title Define timeouts and request limits for authentication sessions Define timeouts and request limits for authenticated sessions Jul 30, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@marsella @indomitableSwan