Hi Johann, On Wed, Jan 8, 2020 at 4:49 AM Ajanthan Balachandran <ajant...@wso2.com> wrote:
> Hi Johann, > > I think here we are talking about two different things. Feel free to > correct me if I am wrong. > > In the first case, we are trying to assert the value of the claims > provided by the user. In the case of phone number and email claims sending > verification code does make sense but to assert the first name or last name > sending verification code to email or phone doesn't give enough > assurance(usually photo ID proof is needed to verify names). > > What you are talking about is getting enough assurance level for the > authenticated user by prompting 2FA to be able to update security > questions. This should be handled by auth system not the claim verification > system. > I'm under the same understanding with Ajanthan. It should be a 2FA flow. > > Thanks, > Ajanthan. > > Thanks, Malithi -- *Malithi Edirisinghe* | Technical Lead | WSO2 Inc. (m) +94 718176807 | (w) +94 11 214 5345 | (e) malit...@wso2.com GET INTEGRATION AGILE Integration Agility for Digitally Driven Business
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture