mfa-interop - RE: [MFA-Interop] Software support for our MFA Interoperability authnContext value
Subject: MFA Interop Working Group
List archive
RE: [MFA-Interop] Software support for our MFA Interoperability authnContext value
Chronological Thread
- From: Eric Goodman <>
- To: "Cantor, Scott" <>, Nicholas Roy <>, "" <>
- Subject: RE: [MFA-Interop] Software support for our MFA Interoperability authnContext value
- Date: Fri, 7 Oct 2016 20:50:20 +0000
- Accept-language: en-US
- Authentication-results: spf=none (sender IP is ) ;
- Ironport-phdr: 9a23:z8JYUBHMjaCCo8FquzOhG51GYnF86YWxBRYc798ds5kLTJ75r8WwAkXT6L1XgUPTWs2DsrQf1LqQ7vurADFIyK3CmU5BWaQEbwUCh8QSkl5oK+++Imq/EsTXaTcnFt9JTl5v8iLzG0FUHMHjew+a+SXqvnY6Uy/yPgttJ+nzBpWaz4Huj7jzqNXvZFACrzO7fbRoaF2NpgLNqoNe1YBrLLo20F2TinxTZqJbyX4+YRq1nh384cO559ZZ9DUY7/Q78N9oUKPmcr4+QKACSjkqLjZxrIfuuxCGTA2T62EbSk0XlBFPBg3C6lf9RJi7+n//uOM42S+GMNfxVZg1Xz+l6qJsTlnvkihRZBAj92SCp9Zxh+p0pxWtohV5i9r5eoCectV5ea/YdNUyWGFGRoBcWzEXUdD0VJcGE+dUZbUQlIL6vVZb6ELmXQQ=
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
Good point on SP enforcement, though I'll note that we were inconsistent on
that in other areas of the profile as well (see "ForceAuthn", which is
defined for IdP support but not SP enforcement).
I'll propose all three comments once I figure out where such comments should
be routed. (And yes that's a request for guidance on how to submit comments
if people have guidance to provide.)
--- Eric
-----Original Message-----
From:
[mailto:]
On Behalf Of Cantor, Scott
Sent: Friday, October 07, 2016 1:06 PM
To: Nicholas Roy;
Subject: RE: [MFA-Interop] Software support for our MFA Interoperability
authnContext value
> Seems like this is something that SSP should support if it doesn't,
> and I don't think that missing it should block adoption of this profile.
> The profile should drive software that doesn't support it, to support it.
This is basic SAML conformance stuff, but I think Eric more or less asked
just yesterday that the implementation profile go ahead and include explicit
requirements for this to call it out. There's also a more important and
generally overlooked piece, which is that if the SP requests it, it needs to
be able to enforce it (and if not, the application had better know that it
hasn't been enforced). That could be added to the implementation profile as
well.
-- Scott
- [MFA-Interop] Software support for our MFA Interoperability authnContext value, David Walker, 10/07/2016
- Re: [MFA-Interop] Software support for our MFA Interoperability authnContext value, Nicholas Roy, 10/07/2016
- RE: [MFA-Interop] Software support for our MFA Interoperability authnContext value, Cantor, Scott, 10/07/2016
- RE: [MFA-Interop] Software support for our MFA Interoperability authnContext value, Eric Goodman, 10/07/2016
- Re: [MFA-Interop] Software support for our MFA Interoperability authnContext value, Nicholas Roy, 10/07/2016
- RE: [MFA-Interop] Software support for our MFA Interoperability authnContext value, Cantor, Scott, 10/07/2016
- RE: [MFA-Interop] Software support for our MFA Interoperability authnContext value, Eric Goodman, 10/07/2016
- Re: [MFA-Interop] Software support for our MFA Interoperability authnContext value, David Walker, 10/07/2016
- Re: [MFA-Interop] Software support for our MFA Interoperability authnContext value, Nicholas Roy, 10/07/2016
- RE: [MFA-Interop] Software support for our MFA Interoperability authnContext value, Cantor, Scott, 10/07/2016
- Re: [MFA-Interop] Software support for our MFA Interoperability authnContext value, Nicholas Roy, 10/07/2016
Archive powered by MHonArc 2.6.19.