
saml-dev message



Subject: Re: [saml-dev] AuthnContext for WebSSO


* prabhat chaturvedi <chaturvedi.prabhat@gmail.com> [2015-07-16 09:11]:
> When we request, we request the "exact" comparison.

My point exactly.

> So we would not get the least secure, but what we request for.

Which is the same thing, of course (modulo rather unusual deployments
with IP-address based authn, or some such).

> We request that, because we want the user be challenged by
> username-password for sure.

Sounds like what you want is forcedAuthentication, then.

> Jeff, if keeping AuthnContext unspecified calls for security, why
> are there other means of AuthnContext specified in the specs. Is
> that security by obscurity?

I couldn't follow that argument either. ("I want you to accept my
assertion but I won't tell you the authn method" for /whose/ security,
exactly?)
-peter

