alternative-idp - Re: Capabilities of our alternative strategies
Subject: Alternative IdP Working Group
List archive
- From: Tom Scavo <>
- To: David Walker <>
- Cc: Alternative IdPs Working Group <>
- Subject: Re: Capabilities of our alternative strategies
- Date: Tue, 30 Sep 2014 09:16:30 -0400
On Sat, Sep 27, 2014 at 3:38 PM, David Walker
<>
wrote:
>
> I noticed a couple of columns where
> we might not be completely in agreement. Here are proposed interpretations:
>
> Support for Entity Categories (R&S). The issue here is whether the IdP can
> be configured to release attributes automatically to any SP in a specified
> Entity Category like R&S.
AFAIK, Shibboleth is the only software in the world that can leverage
entity attributes at the IdP. If that's true, then there isn't much
point having such a column in the table.
> Support for Multiple AuthN Contexts for MFA and Assurance. The issue is
> whether the IdP can invoke different authentication methods based on
> authentication contexts specified in the SAML request (e.g., the
> Multi-Context Broker).
Likewise this column is a can of worms and should probably be removed.
First, the MCB is add-on software, not baked in, so I'm not sure it
qualifies as an illustrative example. Moreover, I'd be very surprised
if ANY software can process specific RequestedAuthnContext values
out-of-the-box, especially for values not defined in the SAML2
Authentication Context spec.
Tom
- Capabilities of our alternative strategies, David Walker, 09/27/2014
- Re: Capabilities of our alternative strategies, Tom Scavo, 09/30/2014
- Re: Capabilities of our alternative strategies, Tom Scavo, 09/30/2014
- Re: Capabilities of our alternative strategies, Chris Phillips, 09/30/2014
- Re: Capabilities of our alternative strategies, David Walker, 09/30/2014
- Re: Capabilities of our alternative strategies, Chris Phillips, 09/30/2014
Archive powered by MHonArc 2.6.16.