OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [saml-dev] multiple authn statements

> > > The SAML specs use the phrase "at least one authentication
> > > in various places, which leaves open the possibility of multiple
> > > statements.  When might an assertion have multiple authentication
> > > statements?  Is there a use case for that?
> >
> > None I could ever come up with. I wanted the SSO profile to require
> > one, biggest annoyance implementing it IMHO.
> I wonder if this is part of the per-statement subject legacy where
> you could have different Authn statements that applied to different
> subjects and the one that would apply in any particular context
> would be the one who's subject was confirmed.

Another possibility would be if I had authenticated the user twice in 
the current session.  Once at a "stronger" level a while ago and then
more recently with something less strong.  So one Authn Statement
could say I authenticated with a smart card+pin at 5AM and then I
verified a password at 8AM.

Not sure I would ever do this, but it seems to make sense.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]