Versions Compared

Old Version 26

changes.mady.by.user Mike Wiseman

Saved on

compared with

New Version 27

changes.mady.by.user David Walker

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Table of Contents
minLevel2
maxLevel2

A Couple of Short

...

Stories

Info
titleDick and the Two Factors

Dick's campus Identity Provider (IdP) supports two forms of authentication, one requires Dick to remember a user name and password, and the other requires Dick to prove he is in possession of his cell phone, in addition to the user name and password. Some Service Providers (SP) require user name and password, and some also require the cell phone.  The campus has decided, however, that the cell phone method can always be used, even when only user name and password is requested by the SP.  When Dick browses to an SP requiring user name and password, he is prompted accordingly, and he is no longer prompted for the rest of his session, unless he browses to an SP requiring the cell phone method.  In that case, his cell phone alerts him for confirmation, and he then is no longer prompted for the rest of his session.

In order to provide Dick with choices to protect his online identity, Dick's campus allows him to opt out of ever authenticating without using the cell phone method.  After choosing that option, he is always prompted to use the cell phone method, even when it is not required by the services he uses.

Info
titleAssuring JaneJane and the Multi-Context Broker

Jane uses her web browser to access a Service Provider (SP) that requires the InCommon Bronze assurance profile.  The SP redirects her to her campus Identity Provider (IdP), the MCB verifies she is certified for the Bronze profile, and she is presented with a list of authentication methods it provides that will satisfy the requirements of InCommon Bronze.  Jane chooses one of those methods and authenticates.  Jane's IdP returns the Bronze assurance qualifier to the SP.  As Jane browses to other Bronze SPs during her current session, her IdP provides the Bronze assurance qualifier to those SPs without requiring additional interaction for authentication.

During her session, Jane browses to a Service Provider that requires the InCommon Silver assurance profile.  At Jane's campus, the Silver assurance profile requires a different authentication method than Bronze, so (after verification that Jane is certified for the Silver profile) Jane is prompted for Silver authentication.

...