This document describes mechanisms for forcing a user to perform an additional login (reauthentication) in order to ensure that the user who is accessing a protected resource is the same person who initially authenticated at the start of the session. Forced reauthentication can therefore provide additional protection for sensitive resources.
|2018-01-16 10:00 (CET)
|Followup on document
|We agreed that Nicolas, Davide and interested people drop their input into the google doc
|2018-01-30 10:00 (CET)
Document received various inputs by Davide and Nicolas
Additional contributions and oversight requested by interested parties