saml-dev message

Subject: Re: [saml-dev] Confusion regarding AuthnContext

From: bhaskar jain <bhaskar.jain2002@gmail.com>
To: Tom Scavo <trscavo@gmail.com>
Date: Mon, 21 Sep 2009 22:10:53 +0530

Tom,

Appreciate your response. I think it was coming but still do you know of any real-life SP's which restrict AuthnContextClass to a particular class and do not allow it to be configurable on the SP side?

Thanks.

--Bhaskar.

On Sun, Sep 20, 2009 at 9:34 PM, Tom Scavo <trscavo@gmail.com> wrote:

On Sat, Sep 19, 2009 at 8:16 PM, bhaskar jain
<bhaskar.jain2002@gmail.com> wrote:
>
> Is it a violation of the SAML standards, when you authenticate using a less
> secure method and claim to have done using a 'strong' method.

I should think the answer to this question is obvious. If what you (as
an IdP) assert in the authentication response is false, then clearly
there is no basis for trust whatsoever.

Tom

Follow-Ups:
- RE: [saml-dev] Confusion regarding AuthnContext
  - From: "Scott Cantor" <cantor.2@osu.edu>

References:
- Confusion regarding AuthnContext
  - From: bhaskar jain <bhaskar.jain2002@gmail.com>
- Re: [saml-dev] Confusion regarding AuthnContext
  - From: Tom Scavo <trscavo@gmail.com>