On 12/9/11 3:19 AM, "Jim Schaad" <[email protected]> wrote:

>I think that this may be required in both directions. That is, the RP may
>need to tell the IdP what it wants as well.
>
>I completely agree that there is going to need to be an OOB agreement about
>what the values mean. But I still potentially want to do the selection
>process.

Note that this is definitely non-trivial, and creates a lot of deployment complexity when you deal with IdPs that support multiple (or the absence of) LOAs, and the reality that many RPs need different LOAs to perform different functions, often from a single client.

In practice, the support in SAML for this has been poorly implemented, or not at all, and there's not much deployment experience with it.

-- Scott
