Tatsuki Sakushima wrote on 2009-12-14: > Why has the SSTC decided to declare LoA in request messages? It hasn't, RequestedAuthnContext has always been part of request messages. The use of AuthnContext to carry LOA necessarily means that it's possible to ask for it in a request. -- Scott