Sessions in most non-HTTP applications involve network connection setup and maintenance, and security is often scoped to the network connection. With HTTP applications, state management and security are often layered on top within the application, and create a lot of additional complexity.
- Application-Managed vs. Infrastructure-Managed
- Initiating
- Timeouts
- Logout Implications
- Any security threats unique to federation?