[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [saml-dev] AuthnContext for WebSSO
* prabhat chaturvedi <chaturvedi.prabhat@gmail.com> [2015-07-16 09:11]: > When we request, we request the "exact" comparison. My point exactly. > So we would not get the least secure, but what we request for. Which is the same thing, of course (modulo rather unusual deployments with IP-address based authn, or some such). > We request that, because we want the user be challenged by > username-password for sure. Sounds like what you want is forcedAuthentication, then. > Jeff, if keeping AuthnContext unspecified calls for security, why > are there other means of AuthnContext specified in the specs. Is > that security by obscurity? I couldn't follow that argument either. ("I want you to accept my assertion but I won't tell you the authn method" for /whose/ security, exactly?) -peter
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]