OASIS Mailing List Archives

security-services message



Subject: Re: [security-services] Re: ForceAuthn (was Use Cases)




John Kemp wrote on 11/29/2003, 2:58 PM:
 >
 > As others have previously pointed out, an SP could request an
 > appropriate minimum authentication context when making the
 > authentication request. That context could specify that a direct user
 > interaction is made by the IdP. Such a usage would preclude the use of
 > cached credentials by the IdP, and force them to either interact with
 > the user or return a failure code to the SP.

Of course, this only solves the issue of credentials cached at the IdP.
The credentials could also be cached at the client (I certainly do it
for username/password authentication through my browser, even at those
sites that try to disable it).  However, I think that solving the
caching-at-the-client problem might be out of scope for the SSTC, if it
is really solvable at all.

Conor


