OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [saml-dev] multiple authn statements

> > I wonder if this is part of the per-statement subject legacy where
> > you could have different Authn statements that applied to different
> > subjects and the one that would apply in any particular context
> > would be the one who's subject was confirmed.

I would agree except that I explicitly tried to change it for 2.0 and
couldn't convince people to let me.

> Another possibility would be if I had authenticated the user twice in
> the current session.  Once at a "stronger" level a while ago and then
> more recently with something less strong.  So one Authn Statement
> could say I authenticated with a smart card+pin at 5AM and then I
> verified a password at 8AM.

Yes, I've heard this before, but it doesn't line up with how people actually
implement the profile. As of SAML 1.1, we were able to break most
implementations simply by legally sending two assertions. Somehow I think
two statements would be even less likely to work.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]