OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [saml-dev] AuthnContext for WebSSO

* prabhat chaturvedi <chaturvedi.prabhat@gmail.com> [2015-07-16 09:11]:
> When we request, we request the "exact" comparison.

My point exactly.

> So we would not get the least secure, but what we request for.

Which is the same thing, of course (modulo rather unusual deployments
with IP-address based authn, or some such).

> We request that, because we want the user be challenged by
> username-password for sure.

Sounds like what you want is forcedAuthentication, then.

> Jeff, if keeping AuthnContext unspecified calls for security, why
> are there other means of AuthnContext specified in the specs. Is
> that security by obscurity?

I couldn't follow that argument either. ("I want you to accept my
assertion but I won't tell you the authn method" for /whose/ security,

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]