...
Nathan: I didn't include the HTTP requests because in my use cases, the LOA requirements for each service will usually be defined in the service registry instead of being via HTTP. (This is similar to how you can register a user to force renew using the service registry.) However, I can certainly add this information. I'll make a new page and write up some scenarios.
See this page: Example LOA Use Cases
See this page: Example LOA Use Cases
I may be mistaken, but I don't see anything here which cannot be addressed by what I proposed at first. I don't see the need for authentication handlers combination (&&, ||).
...