•Suppose that you are a service provider, and John Doe is requesting access to some of your resources. And suppose an Identity Provider sends you an Authentication Assertion.
•Here is some information you might want to know, regarding how the Identity Provider does authentication:
–What authentication mechanism does the IdP use?
•Password or certificate-based SSL or ...
–What mechanisms for storing and protecting credentials does the IdP use?
•Password rules or smartcard or ...
–What mechanisms for minimizing compromise of credentials are used?
•Password renewal frequency
–What is the initial user identification mechanism?
•Face-to-face or online or ...
•This information is found in the Authentication Context. Thus, the Authentication Context describes the context in which authentication is done. This information enables you (the service provider) to assess the quality of the authentication assertion.
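
Added example (not part of the original slides): how a service provider could read the Authentication Context from an assertion and check it against its own minimum requirement. It assumes a SAML 2.0 assertion whose signature and validity conditions have already been verified; the sample assertion, the `STRENGTH` ranking and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"

# Assumed SP-side ranking of SAML 2.0 context classes (higher = stronger).
# The ranking is local policy; the SAML specification defines no ordering.
STRENGTH = {
    AC + "Password": 1,
    AC + "PasswordProtectedTransport": 2,
    AC + "TLSClient": 3,
    AC + "Smartcard": 3,
    AC + "SmartcardPKI": 4,
}

# Constructed sample assertion (signature and conditions omitted).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T10:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject><saml:NameID>john.doe</saml:NameID></saml:Subject>
  <saml:AuthnStatement AuthnInstant="2024-01-01T09:59:58Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""

def authn_context_class(assertion_xml):
    """Return the AuthnContextClassRef URI, or None if the IdP sent none."""
    root = ET.fromstring(assertion_xml)
    ref = root.find(
        "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", NS)
    return ref.text.strip() if ref is not None and ref.text else None

def meets_policy(assertion_xml, minimum_class):
    """True only if the declared class is known and at least as strong."""
    declared = authn_context_class(assertion_xml)
    # Missing or unranked classes fail closed: the SP cannot assess them.
    if declared not in STRENGTH:
        return False
    return STRENGTH[declared] >= STRENGTH[minimum_class]

if __name__ == "__main__":
    print(authn_context_class(SAMPLE))
    print(meets_policy(SAMPLE, AC + "Password"))
    print(meets_policy(SAMPLE, AC + "SmartcardPKI"))
```
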