[Openid-specs-ab] privacy & acr

Nat Sakimura sakimura at gmail.com
Wed Oct 30 00:09:24 UTC 2013


An RP asking for only LoA 1 and not higher with PPID may not want an LoA2 non-PPID identity, as that would require them to undergo a full PIA. In such a case, the RP may want the request to fail if this acr cannot be fulfilled.

So, it is not so much for privacy protection but the avoidance of privacy compliance cost. 

Cheers, 

=nat via iPhone

On Oct 30, 2013, at 4:42, Brian Campbell <bcampbell at pingidentity.com> wrote:

> Yesterday on the call John said that there are privacy reasons to want to be able to request "acr" as an essential claim and return an error if it fails.
> 
> Can you explain that again, John? Whose privacy (I assume the end user's) about what (how/when they authenticated) is being kept from whom?
> 