mfa-interop - Re: [MFA-Interop] Software support for our MFA Interoperability authnContext value
Subject: MFA Interop Working Group
List archive
Re: [MFA-Interop] Software support for our MFA Interoperability authnContext value
Chronological Thread
- From: Nicholas Roy <>
- To: Eric Goodman <>, "Cantor, Scott" <>, "" <>
- Subject: Re: [MFA-Interop] Software support for our MFA Interoperability authnContext value
- Date: Fri, 7 Oct 2016 14:53:10 -0600
- Authentication-results: spf=none (sender IP is ) ;
- Ironport-phdr: 9a23:AZOdgxybA5lrJsXXCy+O+j09IxM/srCxBDY+r6Qd0eIfIJqq85mqBkHD//Il1AaPBtqLra8fwLOL+4nbGkU+or+5+EgYd5JNUxJXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6aijSI4DUTAhTyMxZubqSwQ9aKzpf/6+fn1ofSaE1ngz2xZLp0ZEGbtwTa8OYRhodnI6AZ1xDOuj1Fd/kAgSsiDluVgxHmoo+L95l/724Y7/ko8dJHS+OgV6MjUPpVAClwdyh/4cPi8BjFUQaV4WM0U2MdlR9NBA6D6wv1FN+ltyXz8+t7xCSAOtXeTLY/XjGn6KEtTwXn3nQpLTk8pUfWgcx3iKtA6CimtlQrxZTTcamUMuZzZKXQYYlcSGZcCJUCHxddC5+xOtNcR9EKOvxV+syk/wMD
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
I'd recommend joining the Kantara WG-FI and contributing them there. Less places to track the conversation, and it would be good to have you in that 'room'.
Nick
On 10/7/16 2:50 PM, Eric Goodman wrote:
Good point on SP enforcement, though I'll note that we were inconsistent on that in
other areas of the profile as well (see "ForceAuthn", which is defined for
IdP support but not SP enforcement).
I'll propose all three comments once I figure out where such comments should
be routed. (And yes that's a request for guidance on how to submit comments
if people have guidance to provide.)
--- Eric
-----Original Message-----
From:
[mailto:]
On Behalf Of Cantor, Scott
Sent: Friday, October 07, 2016 1:06 PM
To: Nicholas Roy;
Subject: RE: [MFA-Interop] Software support for our MFA Interoperability
authnContext value
Seems like this is something that SSP should support if it doesn't,This is basic SAML conformance stuff, but I think Eric more or less asked
and I don't think that missing it should block adoption of this profile.
The profile should drive software that doesn't support it, to support it.
just yesterday that the implementation profile go ahead and include explicit
requirements for this to call it out. There's also a more important and
generally overlooked piece, which is that if the SP requests it, it needs to
be able to enforce it (and if not, the application had better know that it
hasn't been enforced). That could be added to the implementation profile as
well.
-- Scott
- [MFA-Interop] Software support for our MFA Interoperability authnContext value, David Walker, 10/07/2016
- Re: [MFA-Interop] Software support for our MFA Interoperability authnContext value, Nicholas Roy, 10/07/2016
- RE: [MFA-Interop] Software support for our MFA Interoperability authnContext value, Cantor, Scott, 10/07/2016
- RE: [MFA-Interop] Software support for our MFA Interoperability authnContext value, Eric Goodman, 10/07/2016
- Re: [MFA-Interop] Software support for our MFA Interoperability authnContext value, Nicholas Roy, 10/07/2016
- RE: [MFA-Interop] Software support for our MFA Interoperability authnContext value, Cantor, Scott, 10/07/2016
- RE: [MFA-Interop] Software support for our MFA Interoperability authnContext value, Eric Goodman, 10/07/2016
- Re: [MFA-Interop] Software support for our MFA Interoperability authnContext value, David Walker, 10/07/2016
- Re: [MFA-Interop] Software support for our MFA Interoperability authnContext value, Nicholas Roy, 10/07/2016
- RE: [MFA-Interop] Software support for our MFA Interoperability authnContext value, Cantor, Scott, 10/07/2016
- Re: [MFA-Interop] Software support for our MFA Interoperability authnContext value, Nicholas Roy, 10/07/2016
Archive powered by MHonArc 2.6.19.