[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [saml-dev] multiple authn statements
> > > The SAML specs use the phrase "at least one authentication statement" > > > in various places, which leaves open the possibility of multiple such > > > statements. When might an assertion have multiple authentication > > > statements? Is there a use case for that? > > > > None I could ever come up with. I wanted the SSO profile to require only > > one, biggest annoyance implementing it IMHO. > > I wonder if this is part of the per-statement subject legacy where > you could have different Authn statements that applied to different > subjects and the one that would apply in any particular context > would be the one who's subject was confirmed. Another possibility would be if I had authenticated the user twice in the current session. Once at a "stronger" level a while ago and then more recently with something less strong. So one Authn Statement could say I authenticated with a smart card+pin at 5AM and then I verified a password at 8AM. Not sure I would ever do this, but it seems to make sense. Conor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]