OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Proposal: Query Extension for SAML AuthnReq

> The existing inability of an SP to ask for particular 'assurance
> attributes' in its <AuthnRequest> would presumably be one driver for
> them to instead use <RequestedAuthnContext>?

Nope, because LOA-centric apps are almost always amenable to setting up the
attribute release out of band. It's all about who has to make changes when
the LOA set changes. Asserting multiple values is seen as a big deal.

I think I covered this on the Concordia list fairly well. Far from a kludge,
I think it's probably the long term approach most will eventually take
because it's a lot easier than asserting multiple context classes, not to
mention as Tom said, it works across protocols much more cleanly.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]