Changing MCB assurance level per SP and by "risk" (source IP)

Cantor, Scott cantor.2 at
Fri Apr 4 18:19:04 EDT 2014

On 4/4/14, 6:07 PM, "David Langenberg" <davel at> wrote:

>m "abusing" it the same way you are -- forcing a set of users to a higher
>assurance.  The intent of that though is to be an inclusive set.  Now,
>you may try getting clever with the attribute-resolver & limiting the
>values returned based on either the EntityID of the SP or the IP address
>of the user, but I'm not sure how that would play out with the IdPs
>caching of resolved attributes if the IDMS attribute's values change per
>authentication.  That's more of a question for one of the Devs -- Devs?

Caching is done at the DataConnector level, inside the connectors, it's
not done at a macro level. So it basically depends on the connector. I can
only speak for JDBC, and it caches based on the totality of the query
being issued, and the code doesn't use parameterized queries.

-- Scott

More information about the users mailing list