[Openid-specs-ab] privacy & acr

Nat Sakimura sakimura at gmail.com
Wed Oct 30 00:09:24 UTC 2013

An RP asking for only LoA 1 and not higher with PPID may not want a LoA2 non-PPID identity, as that would require them to undergo a full PIA. In such a case, the RP may want the request to fail if this acr cannot be fulfilled.

So, it is not so much for privacy protection but the avoidance of privacy compliance cost. 


=nat via iPhone

On Oct 30, 2013, at 4:42, Brian Campbell <bcampbell at pingidentity.com> wrote:

> Yesterday on the call John said that there are privacy reasons to want to be able to request "acr" as an essential claim and return an error if it fails.
> Can you explain that again, John? Whose privacy (I assume the end user's) about what (how/when they authenticated) is being kept from who?