mfa-interop - [MFA-Interop] RE: A thought about the "basic" profile
Subject: MFA Interop Working Group
List archive
- From: Eric Goodman <>
- To: "Cantor, Scott" <>, "" <>
- Subject: [MFA-Interop] RE: A thought about the "basic" profile
- Date: Mon, 13 Jun 2016 16:27:31 +0000
- Accept-language: en-US
- Authentication-results: spf=none (sender IP is ) ;
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
I thought you were originally suggesting literally "unspecified", as in
<samlp:RequestedAuthnContext Comparison="exact">
<saml:AuthnContextClassRef>
http://id.incommon.org/assurance/mfa
</saml:AuthnContextClassRef>
<saml:AuthnContextClassRef>
unspecified
</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
--- Eric
-----Original Message-----
From:
[mailto:]
On Behalf Of Cantor, Scott
Sent: Monday, June 13, 2016 9:20 AM
To:
Subject: [MFA-Interop] RE: A thought about the "basic" profile
Actually I guess the use case was to be able to prefer MFA but also indicate
you were ok with something/anything else? In which case...never mind. ;-)
-- Scott
> -----Original Message-----
> From: Cantor, Scott
> Sent: Monday, June 13, 2016 12:18 PM
> To:
>
> Subject: A thought about the "basic" profile
>
> You know, nothing really breaks if you request an "unspecified"
> AuthenticationContext in SAML. Shibboleth just ignores it. I doubt
> much of anything else that even honors AC properly would care (and if
> they did, it would be just as much work to support as "basic").
>
> So...does that gets us out of bothering with it?
>
> Just looking for optimizations...
>
> -- Scott
- [MFA-Interop] RE: A thought about the "basic" profile, Cantor, Scott, 06/13/2016
- [MFA-Interop] RE: A thought about the "basic" profile, Eric Goodman, 06/13/2016
- [MFA-Interop] Re: A thought about the "basic" profile, Cantor, Scott, 06/13/2016
- [MFA-Interop] RE: A thought about the "basic" profile, Eric Goodman, 06/13/2016
Archive powered by MHonArc 2.6.16.