[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] multiple authn statements
> > I wonder if this is part of the per-statement subject legacy where > > you could have different Authn statements that applied to different > > subjects and the one that would apply in any particular context > > would be the one who's subject was confirmed. I would agree except that I explicitly tried to change it for 2.0 and couldn't convince people to let me. > Another possibility would be if I had authenticated the user twice in > the current session. Once at a "stronger" level a while ago and then > more recently with something less strong. So one Authn Statement > could say I authenticated with a smart card+pin at 5AM and then I > verified a password at 8AM. Yes, I've heard this before, but it doesn't line up with how people actually implement the profile. As of SAML 1.1, we were able to break most implementations simply by legally sending two assertions. Somehow I think two statements would be even less likely to work. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]