OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Issue of multiple authn statements during SSO

A remaining substantive issue in the SSO profile relates to the request by
several TC members to permit multiple authentication statements in the

I'm unclear on what the use case for this is, but if we're to do it, I
believe we need to address what this is supposed to mean to the relying
party, as well as how to interpret a case in which you would get multiple
assertions, each with bearer confirmation, and an authentication statement.

This was always something I found awkward in the old profiles, and I was in
favor of fixing it by restricting the profile to one statement because I
don't understand the use case for two. So I continue to support that
position, but would ask those with the use case to explain it, and supply
text for the profile around it so that it's clear what the SP is to do to
resolve any conflicts in the statements (e.e. different
ReauthenticateOnOrAfter values).

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]