Meeting the InCommon Assurance profile criteria using Active Directory

[David Walker <>]

1. Brian, the Multi-Context Broker (MCB) is a Shib login handler that understands how to orchestrate multiple authentication contexts based on the SP's request, the user's certifications, and the hierarchy of contexts that satisfy other contexts' requirements (like Silver satisfies Bronze).  I've attached the slides I used to describe at ACAMP and CAMP this week.
2. Eric, yes, that sounds like it would work.  Clever idea.
3. Let's cancel tomorrow's call.  Most everyone will be at CAMP.

David

On Thu, 2013-11-14 at 22:19 +0000, Brian Arkills wrote:

What is MCB?

 

From: [mailto:] On Behalf Of Eric Goodman
Sent: Thursday, November 14, 2013 2:01 PM
To:
Subject: [AD-Assurance] MCB and AD Silver Cookbook

 

Hi all,

 

Just a thought…

 

If a campus were using the MCB, would that mean that they could enforce that Silver assertions are only generated from username/password based login events? Then they could use other authentication forms (Kerberos or NTLM via ADFS, SPNEGO, GSSAPI) when NOT asserting Silver but still be compliant with our interpretation and “needle threading”?

 

A possibly less-queasy-making option that popped into my head last night when I was processing/recapping what I’d picked up in the various ACAMP sessions.

 

--- Eric

Attachment: The Multi-Context Broker.pdf
Description: Adobe PDF document