This document describes mechanisms for forcing a user to perform an additional login (reauthentication) in order to ensure that the user who is accessing a protected resource is the same person who initially authenticated at the start of the session. Forced reauthentication can therefore provide additional protection for sensitive resources.

google doc

2018-01-16 10:00 (CET) on documentWe agreed that Nicolas, Davide and interested people drop their input into the google doc
2018-01-30 10:00 (CET) discussion

Document received various inputs by Davide and Nicolas

Additional contributions and oversight requested by interested parties

  • No labels