[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: AuthnRequest and isPassive=true
isPassive=true was intended to be used by a Relying Party when they would like to know who you are, but not enough to ask the IdP to actually interact with the user. If the IdP doesn’t have an existing session with the user or has not already gotten permission to send an assertion to the RP, the IdP is expected to respond with an “I don’t know” to the RP. So you can see it as an RP indicator to the IdP that the RP doesn’t want the IdP to prompt the user for credentials/permission. This allows an RP to do something like saying “Welcome Conor” and giving me a user customized home page without the need for me to authenticate to get it. Sort of like what happens when you go to Amazon, but without the need for a cookie. Conor From: Paul Hethmon [mailto:paul.hethmon@clareitysecurity.com] Is there any commentary expanding on the spec in what isPassive=”true” means? Or is meant to mean? |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]