
assurance - Re: [Assurance] silver and two-factor ...

Subject: Assurance

  • From: Tom Scavo <>
  • To:
  • Subject: Re: [Assurance] silver and two-factor ...
  • Date: Fri, 16 Mar 2012 12:17:31 -0400 (EDT)



> By configuring the IdP to use a 2-factor
> authentication handler when it provides authentication for a service
> which indicates that it needs it (via metadata), we have abstracted
> the complexity of dealing with 2-factor authentication away from the
> application- as long as it's a web app.

Agreed (in principle). Note that SPs do not indicate their desire for 2FA via
metadata, however. They request it just-in-time via the AuthnRequest. The
problem is that there is no agreed-upon qualifier to signal such an exchange,
so the SP doesn't know what to request and the IdP doesn't know what to
assert.

I run an SP that *requires* 2FA, so I'm feeling the pain. I don't know if
there are other such SPs. If there were significant numbers of such SPs, that
might justify writing a specification that addresses this use case.

Tom
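
[Added example, not part of the original message or of any project's code.] The just-in-time request described above, sketched from the SP side: the SP puts a RequestedAuthnContext in its AuthnRequest and then checks the AuthnContextClassRef the IdP asserts. The class URI, entity ID and sample assertions are constructed placeholders, since the message's point is that no agreed-upon value exists.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
# Hypothetical URI: SP and IdP would have to agree on this value out of band.
MFA_CLASS = "https://example.org/authn-context/two-factor"
PASSWORD_CLASS = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

def build_authn_request(request_id, issuer, issue_instant, class_ref=MFA_CLASS):
    """SP side: request a specific authentication context in the AuthnRequest."""
    ET.register_namespace("samlp", SAMLP)
    ET.register_namespace("saml", SAML)
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest",
                     {"ID": request_id, "Version": "2.0", "IssueInstant": issue_instant})
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = issuer
    # Comparison="exact": the IdP must assert this class or fail the request.
    rac = ET.SubElement(req, f"{{{SAMLP}}}RequestedAuthnContext", {"Comparison": "exact"})
    ET.SubElement(rac, f"{{{SAML}}}AuthnContextClassRef").text = class_ref
    return ET.tostring(req, encoding="unicode")

def asserted_classes(assertion_xml):
    """Return every AuthnContextClassRef carried in the assertion's AuthnStatements.

    Assumes the SP's SAML stack has already verified the signature and
    conditions; this only inspects the authentication context.
    """
    root = ET.fromstring(assertion_xml)
    path = (f".//{{{SAML}}}AuthnStatement/{{{SAML}}}AuthnContext/"
            f"{{{SAML}}}AuthnContextClassRef")
    return [(el.text or "").strip() for el in root.findall(path)]

def satisfies_2fa(assertion_xml, required=MFA_CLASS):
    """SP side: fail closed unless the IdP asserted the class that was requested."""
    return required in asserted_classes(assertion_xml)

def sample_assertion(class_ref):
    """Constructed, unsigned assertion fragment used only as sample input."""
    return (f'<saml:Assertion xmlns:saml="{SAML}" ID="_a1" Version="2.0" '
            f'IssueInstant="2012-03-16T16:17:31Z">'
            f'<saml:AuthnStatement AuthnInstant="2012-03-16T16:17:00Z">'
            f'<saml:AuthnContext><saml:AuthnContextClassRef>{class_ref}'
            f'</saml:AuthnContextClassRef></saml:AuthnContext>'
            f'</saml:AuthnStatement></saml:Assertion>')

if __name__ == "__main__":
    print(build_authn_request("_r1", "https://sp.example.org/shibboleth",
                              "2012-03-16T16:17:31Z"))
    print(satisfies_2fa(sample_assertion(MFA_CLASS)))       # two-factor asserted
    print(satisfies_2fa(sample_assertion(PASSWORD_CLASS)))  # password only
```

The check on the response matters even when the request carries the class, because an SP that only sends RequestedAuthnContext and never inspects the asserted context will accept a password-only login from an IdP that ignores the request.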


