Subject: Issue of multiple authn statements during SSO
A remaining substantive issue in the SSO profile relates to the request by several TC members to permit multiple authentication statements in the response. I'm unclear on what the use case for this is, but if we're to do it, I believe we need to address what this is supposed to mean to the relying party, as well as how to interpret a case in which you would get multiple assertions, each with bearer confirmation, and an authentication statement. This was always something I found awkward in the old profiles, and I was in favor of fixing it by restricting the profile to one statement because I don't understand the use case for two. So I continue to support that position, but would ask those with the use case to explain it, and supply text for the profile around it so that it's clear what the SP is to do to resolve any conflicts in the statements (e.g. different ReauthenticateOnOrAfter values).

-- Scott