OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [saml-dev] Confusion regarding AuthnContext


Appreciate your response. I think it was coming but still do you know of any real-life SP's which restrict AuthnContextClass to a particular class and do not allow it to be configurable on the SP side?  



On Sun, Sep 20, 2009 at 9:34 PM, Tom Scavo <trscavo@gmail.com> wrote:
On Sat, Sep 19, 2009 at 8:16 PM, bhaskar jain
<bhaskar.jain2002@gmail.com> wrote:
> Is it a violation of the SAML standards, when you authenticate using a less
> secure method and claim to have done using  a 'strong' method.

I should think the answer to this question is obvious. If what you (as
an IdP) assert in the authentication response is false, then clearly
there is no basis for trust whatsoever.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]