OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [saml-dev] AuthnContext for WebSSO

On 7/17/15, 3:16 PM, "prabhat chaturvedi" <chaturvedi.prabhat@gmail.com> wrote:

>Thanks Scott for your reply. 
>Here I am using an openAM default SP. By default, not only in this product but generally most of products which I have used, request PPT with exact comparison for WebSSO flow.

That doesn't make it less of a problem, and it is a bad default.

>Also, I am curious to know a suitable example for 'exact'?

Outside of very specialized deployments with few IdPs and a lot of control, using exact tends to be a bad idea, and is usually done because products don't support "minimum", which is the one that really makes sense in most cases.

Either you need to enumerate all the possible context classes you'll accept, which is not future proof, or you need to use mechanisms like assurance schemes that define context classes to represent general practices and that can be met by lots of different technologies, including future ones.

>And is there any relation between WebSSO and PPT?

I don't really understand what relation you're inferring.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]