3.1.6 Timer Events

There are no protocol-specific timer events that MUST be serviced by an implementation. This protocol does not require timers beyond those that might be used by the underlying transport to transmit and receive messages over HTTP and SSL/TLS. The protocol does not include provisions for time-based retry for sending protocol messages.

Security tokens and Authentication Contexts do have validity intervals, as specified in section 3.1.2. Implementations MAY<60> use a timer to indicate when the validity interval of a security token or an Authentication Context expires, but the protocol does not require the use of a timer.