Subject: Re: [security-services] Re: ForceAuthn (was Use Cases)
From: Conor P. Cahill (conc@aol.com)
Date: Nov 29, 2003 1:46:52 pm
List: org.oasis-open.lists.security-services

John Kemp wrote on 11/29/2003, 2:58 PM:

As others have previously pointed out, an SP could request an appropriate minimum authentication context when making the authentication request. That context could specify that a direct user interaction is made by the IdP. Such a usage would preclude the use of cached credentials by the IdP, and force them to either interact with the user or return a failure code to the SP.

Of course, this only solves the issue of credentials cached at the IdP. The credentials could also be cached at the client (I certainly do it for username/password authentication through my browser, even at those sites that try to disable it). However, I think that solving the caching at the client problem might be out of scope for the SSTC, if it is really solvable at all.

Conor
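
The approach described in the message above, as an added example that is not part of the original post or of any SSTC document: an SP requests a minimum authentication context and then checks the returned statement, rejecting a reused IdP session. It uses SAML 2.0 element and context-class names; the ranking in `RANK`, the freshness window, the function names and the sample assertions are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"
# Assumption: SP-local ordering of context classes, weakest first.
# PreviousSession means the IdP reused an existing session (cached credentials).
RANK = [AC + "PreviousSession", AC + "Password", AC + "PasswordProtectedTransport"]

def build_authn_request(request_id, issue_instant, minimum_class):
    """SP side: request at least `minimum_class` from the IdP."""
    return (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
            f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}">'
            '<samlp:RequestedAuthnContext Comparison="minimum">'
            f'<saml:AuthnContextClassRef>{minimum_class}</saml:AuthnContextClassRef>'
            '</samlp:RequestedAuthnContext></samlp:AuthnRequest>')

def check_authn_statement(assertion_xml, minimum_class, now, max_age,
                          skew=timedelta(minutes=1)):
    """SP side: return (ok, reason). Signature validation is assumed done already."""
    stmt = ET.fromstring(assertion_xml).find("saml:AuthnStatement", NS)
    if stmt is None:
        return False, "no AuthnStatement"
    cls = stmt.findtext("saml:AuthnContext/saml:AuthnContextClassRef", "", NS).strip()
    if cls not in RANK or RANK.index(cls) < RANK.index(minimum_class):
        return False, "context below requested minimum"
    try:  # assumes whole-second UTC timestamps
        instant = datetime.strptime(stmt.get("AuthnInstant", ""), "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return False, "bad AuthnInstant"
    age = now - instant.replace(tzinfo=timezone.utc)
    if age < -skew or age > max_age:
        return False, "AuthnInstant outside freshness window"
    return True, "ok"

def sample_assertion(context_class, authn_instant):
    """Constructed, unsigned sample assertion for the demonstration."""
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}">'
            f'<saml:AuthnStatement AuthnInstant="{authn_instant}"><saml:AuthnContext>'
            f'<saml:AuthnContextClassRef>{context_class}</saml:AuthnContextClassRef>'
            '</saml:AuthnContext></saml:AuthnStatement></saml:Assertion>')

if __name__ == "__main__":
    now = datetime(2003, 11, 29, 19, 0, tzinfo=timezone.utc)
    print(build_authn_request("_constructed-id", "2003-11-29T18:59:00Z", AC + "Password"))
    for cls, t in [(AC + "Password", "2003-11-29T18:59:30Z"),
                   (AC + "PreviousSession", "2003-11-29T18:59:30Z"),
                   (AC + "Password", "2003-11-29T09:00:00Z")]:
        print(check_authn_statement(sample_assertion(cls, t), AC + "Password", now, timedelta(minutes=5)))
```

As the message notes, a check like this only covers credentials cached at the IdP; it says nothing about a password replayed automatically by the client.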