[Openid-specs-ab] privacy & acr
sakimura at gmail.com
Wed Oct 30 00:09:24 UTC 2013
An RP asking for only LoA 1 and not higher with PPID may not want a LoA2 non-PPID identity, as that would require them to go under full PIA. In such a case, the RP may want the request to fail if this acr cannot be fulfilled.
So, it is not so much for privacy protection but the avoidance of privacy compliance cost.
=nat via iPhone
On Oct 30, 2013, at 4:42, Brian Campbell <bcampbell at pingidentity.com> wrote:
> Yesterday on the call John said that there are privacy reasons to want to be able to request "acr" as an essential claim and return an error if it fails.
> Can you explain that again John? Whose privacy (I assume the end user's) about what (how/when they authenticated) is being kept from who?