
Paul Madsen wrote on 2009-12-15:
On the topic of the relevance of RequestedAuthnContext, this SAML profile (http://saml2int.org/profile/current) recommends against RequestedAuthnContext - citing interop concerns.
But surely the argument that authncontext complicates interop could be used against any policy parameter....
Policy tends not to scale well across thousands of sites. The profile is trying to identify features that are likely to cause errors if you don't know in advance that they're likely to work. It's not the support for the feature that's at issue, really, but the semantics of the classes you ask for. e.g. if you were to ask for some string signifying LOA 1, a whole bunch of IdPs are going to be unable to respond to that simply because they aren't part of the LOA framework you're using. That may be a good thing, of course. -- Scott
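
An added illustration, not part of the original thread or of the saml2int profile: a hypothetical IdP evaluating RequestedAuthnContext with exact comparison, showing the case discussed above where the requested class is one the IdP does not know. The function names and the LOA 1 URI (`urn:example:loa:1`) are constructed for the example.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
LOA1 = "urn:example:loa:1"  # constructed placeholder for a framework-specific LOA 1 class
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
NO_AUTHN_CONTEXT = "urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext"


def build_request(class_refs, comparison="exact"):
    """Build a constructed AuthnRequest carrying a RequestedAuthnContext."""
    refs = "".join(
        f"<saml:AuthnContextClassRef>{c}</saml:AuthnContextClassRef>"
        for c in class_refs)
    return (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" '
            f'xmlns:saml="{NS["saml"]}" ID="_constructed1" Version="2.0" '
            f'IssueInstant="2009-12-15T00:00:00Z">'
            f'<samlp:RequestedAuthnContext Comparison="{comparison}">{refs}'
            f'</samlp:RequestedAuthnContext></samlp:AuthnRequest>')


def idp_decide(request_xml, idp_classes):
    """Return (status, chosen_class) for a hypothetical IdP.

    idp_classes lists the context classes this IdP can assert, in preference order.
    """
    root = ET.fromstring(request_xml)
    rac = root.find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return SUCCESS, idp_classes[0]  # no constraint: IdP uses its default
    if rac.get("Comparison", "exact") != "exact":
        # minimum/better/maximum need an ordering of classes shared by SP and
        # IdP; this example IdP has none, so it treats them as unsatisfiable.
        return NO_AUTHN_CONTEXT, None
    for ref in rac.findall("saml:AuthnContextClassRef", NS):
        value = (ref.text or "").strip()
        if value in idp_classes:
            return SUCCESS, value  # first requested class the IdP supports
    # None of the requested class URIs mean anything to this IdP.
    return NO_AUTHN_CONTEXT, None


if __name__ == "__main__":
    for wanted in ([PPT], [LOA1], [LOA1, PPT]):
        print(wanted, "->", idp_decide(build_request(wanted), [PPT]))
```
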