Add Authentication Context Class to Registration
Many relying parties who require authentication context may only require one. This will reduce the requirement to use the request object when the request is otherwise simple.
We currently have acrs_supported in Discovery. An array of values.
I propose we add default_acr to registration.
OPTIONAL. (Authentication Context Class Reference): Requests the desired Authentication Context Class References. An acr value representing an acceptable Authentication Context Class Reference value. If the acr value is present in the request object, that overrides this default setting. &acr=http://id.incommon.org/assurance/bronze
Someone will say having two ways to do the same thing adds complexity.
Having the default removes the need to put acr in the request object 90% of the time. However the other 10% is valuable step up authentication, that needs to be done from the same client_id to avoid messing up session management and permissions.
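The precedence described in the proposal, as an added example that is not part of the original issue or of any specification text: the registered default_acr applies unless the request object carries acr, which covers step-up from the same client_id. The function name, the client ids, the sample registrations and the choice to reject values missing from acrs_supported are assumptions made for illustration.

```python
from typing import Optional

# Constructed sample data: Discovery metadata and two hypothetical client registrations.
DISCOVERY = {
    "acrs_supported": [
        "http://id.incommon.org/assurance/bronze",
        "http://id.incommon.org/assurance/silver",
    ]
}
REGISTRATIONS = {
    "client-a": {"default_acr": "http://id.incommon.org/assurance/bronze"},
    "client-b": {},  # registered without a default
}


class UnsupportedAcr(ValueError):
    """The requested acr is not listed in acrs_supported."""


def resolve_acr(client_id: str, request_object: Optional[dict] = None) -> Optional[str]:
    """Return the acr the provider should aim for, or None if none was asked for."""
    registration = REGISTRATIONS[client_id]
    request_object = request_object or {}

    # An acr in the request object overrides the registered default, so a
    # client can step up without registering a second client_id.
    if "acr" in request_object:
        acr, source = request_object["acr"], "request object"
    else:
        acr, source = registration.get("default_acr"), "registration"

    if acr is None:
        return None
    # Assumption: a value the provider does not advertise is rejected rather
    # than silently downgraded to something weaker.
    if acr not in DISCOVERY["acrs_supported"]:
        raise UnsupportedAcr(f"{source} asks for unsupported acr {acr!r}")
    return acr
```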
Comments (5)
- changed status to open
reporter - changed status to resolved