Versions Compared

Old Version 2

changes.mady.by.user Mikael Linden

Saved on

compared with

New Version Current

changes.mady.by.user Mikael Linden

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

REFEDS assurance wg vc

Monday 23th January 2017 at 14:30-15:30 (UTC), 15:30-16:30 (CET), 8:30-9:30 (CST)
connect.sunet.se/eduGAIN

Pål
David L
Tom
Maarten
David G
Mikael

Notes

 

Worked on the remaining open issues in the assurance profile:

...

    • The SP indicates it supports this profile by requesting an Authentication context defined in this profile. There can also be other Authentication Context class references in the list presented by the SP.
    • Don't specify the IdP behaviour if the SP doesn't request anything (the default Shibboleth SP configuration) – it is out of scope for this profile
    • An IdP can downgrade the authentication i.e. carry out MFA but signal "single" in the response if "single" was requested instead of MFA. It is a responsibility of the IdP to make sure MFA is more reliable than single.

...