Skip to content
This repository has been archived by the owner on May 10, 2019. It is now read-only.

Single-use certificates when user clicks "For this session only" #3770

Closed
fmarier opened this issue Aug 9, 2013 · 2 comments
Closed

Single-use certificates when user clicks "For this session only" #3770

fmarier opened this issue Aug 9, 2013 · 2 comments
Labels
cleanup-2014 ★★★

Comments

@fmarier
Copy link
Contributor

fmarier commented Aug 9, 2013

If a user clicks "For this session only" and then closes the browser, the certificate that's in the browser is not deleted and in fact is still valid for up to one hour.

A proposed solution is to create single-use certs when the user requests an ephemeral session:

  1. create a cert & get it signed by the IdP
  2. use the cert to create an assertion with the IdP
  3. delete the cert

This is related to issue #3769.
@fmarier fmarier mentioned this issue Aug 9, 2013
Closed
@shane-tomlinson
Copy link

I thought there was a bug open about this already, but I can't find it.

@callahad
Copy link
Contributor

Hi! To help us better focus, I'm "closing" all issues that have been open for more than six months. These have been tagged "cleanup-2014" so that we can go back and review them in the future.

For more information, check out this thread: http://thread.gmane.org/gmane.comp.mozilla.identity.devel/7394

If you believe this bug is still a major issue for you, please comment, submit a pull request, or discuss it on our mailing list: https://lists.mozilla.org/listinfo/dev-identity

Sorry for GitHub notification spam!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
cleanup-2014 ★★★
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@callahad @fmarier @shane-tomlinson