Service Provider controlled Security Levels

English on June 8th, 2008 No Comments

SSOCircle and IDPee now support different SAML2 authentication contexts. The SP is now able to require that a user is authenticated at the specified security strength. SSOCircle will determine the current authentication level and if necessary, asking the user to reauthenticate to the stronger security level.
Think of three different types of use cases. For example a simple bookmarking application that is accessed by a mobile device. For convenience you might decide to use a simple MSISDN automatic user recognition at SSOCircle. But if you are now accessing your Email at Google Apps, you definitely like to have a better protection of the emails. SSOCircle now enforces username/password authentication and upgrades your existing session. Consider now you like to regard your companies sales report application. In this case username / password might not be enough. The application may require that you are authenticated by a X.509 client certificate, issued to your Smart Card token.
Read our technical description for a detailed explanation of how all this works, what you have to do to leverage authentication context levels and which levels SSOCircle and IDPee support. Have a look on our secure lightbulb example which complements the previous lightbulb application to a demonstration of how an application might enforce a stronger authentication.

Tags: , , , , , ,

No Responses to “Service Provider controlled Security Levels”

Leave a Reply

You must be logged in to post a comment.