You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Definition

The InCommon MFA Support Entity Category, identified by the URI http://xxxxxx, is used by Identity Providers to assert compliance with the criteria of the InCommon MFA Profile and the InCommon Base Level Profile.  The entity category is self-certified; federations may associate it with any IdP whose operator claims that compliance.  Do we want to require the Base Level profile?  I think it's needed for #3 below.

Purpose

The MFA Support Entity Category is intended to be used for the following purposes:

  1. As a filter for constructing an SP's discovery interface, when the SP will not accept authentication that does not meet the criteria of the InCommon MFA Profile.
  2. As evidence to increase an SP operator's confidence in MFA authentication performed by the IdP.
  3. To provide information that can be used by an SP to tailor its authentication flow to the capabilities of the IdP.

 

  • No labels