Changing MCB assurance level per SP and by "risk" (source IP)
Cantor, Scott
cantor.2 at osu.edu
Fri Apr 4 18:19:04 EDT 2014
On 4/4/14, 6:07 PM, "David Langenberg" <davel at uchicago.edu> wrote:
>m "abusing" it the same way you are -- forcing a set of users to a higher
>assurance. The intent of that though is to be an inclusive set. Now,
>you may try getting clever with the attribute-resolver & limiting the
>values returned based on either the EntityID of the SP or the IP address
>of the user, but I'm not sure how that would play out with the IdPs
>caching of resolved attributes if the IDMS attribute's values change per
>authentication. That's more of a question for one of the Devs -- Devs?
Caching is done at the DataConnector level, inside the connectors, it's
not done at a macro level. So it basically depends on the connector. I can
only speak for JDBC, and it caches based on the totality of the query
being issued, and the code doesn't use parameterized queries.
-- Scott
More information about the users
mailing list