Hi Johann,

On Fri, Apr 19, 2019 at 6:39 PM Johann Nallathamby <[email protected]> wrote:

> *[+architecture]*
>
> Hi Ruwan,
>
> As mentioned in my original mail, I am calling them "untrusted", because
> they are 3rd parties to IS, and we can't guarantee that they will send
> authentication requests in a way we want them to send under a particular
> scenario.
>

In this definition, should we not consider all SPs untrusted?

> For example, one of the SCA authentication rules in OB is, at any time
> when the AISP makes a request to view the transaction details after 90 days
> have passed since the previous authentication, the authorization server has
> to re-authenticate the user. In this scenario we can't expect that the
> TPP will send a force authentication request with prompt=login or send
> appropriate LOA values. It needs to be solely enforced by IS to force
> authentication if 90 days have elapsed. So I am trying to figure out how
> this can be implemented in IS with/without extensions. And if we need
> extensions what are the correct extensions to do so.
>

Agree that "prompt=login" is not ideal, this was given as a workaround AFAIK.
Yes, we need to add some function like "clearAuthenticators({idp_list}, {authenticator_list})" or something along those lines to get the requirement done.

> Regards,
> Johann.
>
> On Thu, Apr 18, 2019 at 7:02 PM Ruwan Abeykoon <[email protected]> wrote:
>
>> Hi Johann,
>> Can you please explain what is the "untrusted application", what is the
>> logic to decide an SP is untrusted, and what would be the behavior when it
>> is "untrusted"
>>
>> Cheers,
>> Ruwan A
>>
>
> --
> *Johann Dilantha Nallathamby* | Associate Director/Solutions Architect |
> WSO2 Inc.
> (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) [email protected]

--
*Ruwan Abeykoon*
*Associate Director/Architect*, *WSO2, Inc.* http://wso2.com <https://wso2.com/signature>
*lean.enterprise.middleware.*
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
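
The server-side check discussed in this thread, as an added example that is not part of the original mails and is not WSO2 IS code: the authorization server decides from its own session record which authentication steps are too old, whether or not the TPP sends prompt=login. The function name, the policy table, the session shape and the sample data are all assumptions made for illustration; the returned list is what a function such as the proposed "clearAuthenticators" would be given.

```javascript
// Added example. All names and data shapes are hypothetical, not WSO2 IS APIs.
const DAY_MS = 24 * 60 * 60 * 1000;

// Maximum age of an authentication step per requested scope. The 90-day value
// is the SCA rule quoted in the thread; the scope name is constructed.
const POLICY = [{ scope: "transactions", maxAgeDays: 90 }];

const stepId = (s) => `${s.idp}:${s.authenticator}`;

// Returns the "idp:authenticator" steps that must be repeated for this request.
// session.steps: [{ idp, authenticator, authenticatedAt }] with epoch-ms times.
function authenticatorsToClear(request, session, nowMs) {
  const steps = (session && session.steps) || [];
  // A client hint may add re-authentication but is never needed to trigger it.
  if (request.prompt === "login") return steps.map(stepId);

  const scopes = String(request.scope || "").split(/\s+/).filter(Boolean);
  const limits = POLICY.filter((p) => scopes.includes(p.scope))
    .map((p) => p.maxAgeDays);
  if (limits.length === 0) return [];
  const maxAgeMs = Math.min(...limits) * DAY_MS;

  return steps
    .filter((s) => {
      const age = nowMs - s.authenticatedAt;
      // Fail closed: a missing, non-numeric or future timestamp counts as stale.
      return !(age >= 0 && age < maxAgeMs);
    })
    .map(stepId);
}

// Constructed sample: password step 100 days old, OTP step 10 days old.
const NOW = Date.UTC(2019, 3, 19);
const SAMPLE_SESSION = {
  steps: [
    { idp: "LOCAL", authenticator: "password", authenticatedAt: NOW - 100 * DAY_MS },
    { idp: "LOCAL", authenticator: "otp", authenticatedAt: NOW - 10 * DAY_MS },
  ],
};

// The TPP sends no prompt=login, yet the stale step is still selected.
console.log(authenticatorsToClear({ scope: "accounts transactions" }, SAMPLE_SESSION, NOW));
```
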
