Re: [Architecture] Why we use timestampSkew default value as 300 seconds in identity.xml, why not 0 seconds.

Wed, 31 May 2017 00:40:13 -0700 

On Wed, May 31, 2017 at 12:28 PM, Thanuja Jayasinghe <than...@wso2.com>
wrote:

> Hi Dinali,
>
> Consider the following calculation.
>
> expiry time = issuedTimeInMillis + validityPeriodMillis -
> (System.currentTimeMillis() - timestampSkew)
>
> So actually token is valid for (validityPeriodMillis + timestampSkew)
> seconds. This additional time is added to avoid the error occurred due to
> the time synchronization issues between servers.
>
> If your servers are perfectly synced then you can use timestampSkew value
> as 0.
>

If we do not have any reasoning behind this 300s value the shouldn't our
default value be 0 as Dinali has suggested?


> Thanks,
> Thanuja
>
>
> On Wed, May 31, 2017 at 12:01 PM, Dinali Dabarera <din...@wso2.com> wrote:
>
>> Hi All,
>>
>> In our identity.xml the default timeStampScrew value is used as 300
>> seconds. Shouldn't this be 0 seconds?
>>
>> Because when we are getting a token from password grant type again and
>> again *without a time delay*, the expiry time of the token
>> increases than its accepted value because of this equation we are using.
>>
>> expiry time = issuedTimeInMillis + validityPeriodMillis - (System.
>> currentTimeMillis() - timestampSkew);
>>
>> Since timestampSkew = 300 seconds, validityPeriodMillis = 3600 seconds,
>> therefore, expiry time = 3644 seconds which can not be happened.
>>
>> Therefore, it is better to have the default timeStampScrew value as 0
>> seconds in order to get correct results.
>>
>>
>> Thanks!
>>
>> --
>> *Dinali Rosemin Dabarera*
>> Software Engineer
>> WSO2 Lanka (pvt) Ltd.
>> Web: http://wso2.com/
>> Email : gdrdabar...@gmail.com
>> LinkedIn <https://lk.linkedin.com/in/dinalidabarera>
>> Mobile: +94770198933 <+94%2077%20019%208933>
>>
>>
>>
>>
>> <https://lk.linkedin.com/in/dinalidabarera>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> *Thanuja Lakmal*
> Associate Technical Lead
> WSO2 Inc. http://wso2.com/
> *lean.enterprise.middleware*
> Mobile: +94715979891
>
> _______________________________________________
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>

_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Reply via email to