...

Our current position is that while error handling is an important topic, this detail should be captured in a supplemental implementation guide or FAQ. For example, the following are some general scenarios:

  • RP/SP requests REFEDS MFA, OP/IdP doesn't understand it and tosses an HTTP 500 (bad? good?)
  • RP/SP requests REFEDS MFA, OP/IdP doesn't understand it and responds with a protocol-specific error (good? bad?)
  • RP/SP requests REFEDS MFA, OP/IdP understands it but is unable to perform MFA, and responds with a protocol-specific error (good? bad?)
  • What is the correct/expected behaviour for an IdP when responding to a request it does not / cannot support, beyond what the standard addresses? And is there any difference in expectations between SAML and OIDC IdPs responding to such errors?

  • SP requests REFEDS MFA, IdP understands it but is unable to perform MFA, responds with SAML Authn Assertion with something other than REFEDS MFA value (what happens?)
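The SAML scenarios above differ in what the SP actually receives, so the SP has to look at both the status code and the returned authentication context class instead of treating any response as MFA. The sketch below is an added example, not part of the Group's material: `classify_response` and the sample responses are constructed for illustration, and signature, issuer, audience and time validation is assumed to have been done already.

```python
import xml.etree.ElementTree as ET

REFEDS_MFA = "https://refeds.org/profile/mfa"
STATUS = "urn:oasis:names:tc:SAML:2.0:status:"
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REF_PATH = ".//saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef"


def classify_response(xml_text):
    """Return (outcome, detail) for a SAML Response to a REFEDS MFA request.

    Assumption: the response was already validated (signature, issuer,
    audience, timestamps). An HTTP 500 never reaches this function,
    because no SAML Response is delivered in that scenario.
    """
    root = ET.fromstring(xml_text)
    # Document order: top-level StatusCode first, nested sub-codes after it.
    codes = [c.get("Value")
             for c in root.findall("samlp:Status//samlp:StatusCode", NS)]
    if not codes:
        return ("malformed", "no StatusCode")
    if codes[0] != STATUS + "Success":
        # Protocol-specific error; the innermost sub-code is the most specific.
        return ("protocol_error", codes[-1])
    refs = [r.text.strip() for r in root.findall(REF_PATH, NS) if r.text]
    if REFEDS_MFA in refs:
        return ("mfa_asserted", REFEDS_MFA)
    # Success, but the IdP asserted some other context (or none at all).
    return ("mfa_not_asserted", refs[0] if refs else "no AuthnContextClassRef")


def _sample(status_xml, class_ref=None):
    """Build a minimal, unsigned Response (constructed sample input)."""
    assertion = ""
    if class_ref:
        assertion = ("<saml:Assertion><saml:AuthnStatement><saml:AuthnContext>"
                     f"<saml:AuthnContextClassRef>{class_ref}"
                     "</saml:AuthnContextClassRef></saml:AuthnContext>"
                     "</saml:AuthnStatement></saml:Assertion>")
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" '
            f'xmlns:saml="{NS["saml"]}"><samlp:Status>{status_xml}'
            f"</samlp:Status>{assertion}</samlp:Response>")


_OK = f'<samlp:StatusCode Value="{STATUS}Success"/>'
SAMPLE_ERROR = _sample(f'<samlp:StatusCode Value="{STATUS}Responder">'
                       f'<samlp:StatusCode Value="{STATUS}NoAuthnContext"/>'
                       "</samlp:StatusCode>")
SAMPLE_OTHER_CONTEXT = _sample(_OK, PPT)
SAMPLE_MFA = _sample(_OK, REFEDS_MFA)
```

What the SP does with each outcome (deny, retry, show guidance to the user) is the policy question the scenarios leave open.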

Earlier Working Material

The following links point to earlier discovery materials the Group compiled to organise/prioritise the Profile revision work.

...