saml-dev message

Subject: RE: [saml-dev] Confusion regarding AuthnContext

From: "Scott Cantor" <cantor.2@osu.edu>
To: "'bhaskar jain'" <bhaskar.jain2002@gmail.com>
Date: Mon, 21 Sep 2009 13:23:04 -0400

bhaskar jain wrote on 2009-09-21:
> "Configured on the SP side" meant that administrator could configure the
> AuthnContextClassRef (in our case PasswordProtectedTransport) on the SP
side
> like some SP's allow (e.g. WebEx)

Sorry, I still have no idea what you're describing.

> Our target are SaaS applications like salesforce and googleapps (which
> *do* not place any such restriction on AuthnContextClassRef) but wanted
> to be doubly sure before implementing an IdP which would always send
> 'PasswordProtectedTransport'.

Are they requiring a particular class at runtime, or not?

> What about government applications? Any idea whether they allow it to be
> configurable.

I don't think there's much practice in the govt space yet but the general
idea there is to use the AC to carry LOA identifiers, not things like
technologies.

-- Scott

Follow-Ups:
- RE: [saml-dev] Confusion regarding AuthnContext
  - From: Bill Young <Bill.Young@dia.govt.nz>

References:
- Confusion regarding AuthnContext
  - From: bhaskar jain <bhaskar.jain2002@gmail.com>
- Re: [saml-dev] Confusion regarding AuthnContext
  - From: Tom Scavo <trscavo@gmail.com>
- Re: [saml-dev] Confusion regarding AuthnContext
  - From: bhaskar jain <bhaskar.jain2002@gmail.com>
- Re: [saml-dev] Confusion regarding AuthnContext
  - From: bhaskar jain <bhaskar.jain2002@gmail.com>