Subject: RE: [saml-dev] Does an Authentication Context URN actually reference an XML file?
Thanks Scott for your reply. If I may, I'd like to follow up to confirm
that I understand correctly what you are saying.

Suppose an IdP sends to a Relying Party an Authentication Assertion
which contains this:

    <AuthnContext>
        <AuthnContextClassRef>
            urn:oasis:names:tc:2.0:ac:classes:PasswordProtectedTransport
        </AuthnContextClassRef>
    </AuthnContext>

The URN does not indicate the name of a resource (XML file) that
contains details about how the authentication was accomplished. Correct?

The URN is just a label. It is a label with this semantics “The subject was authenticated
through the presentation of a password over a protected session.” Correct?

Assuming that I have correctly understood, let me ask a new
question:

Suppose that an IdP creates an XML document (let’s
call it foo.xml) which conforms to saml-schema-authn-context-ppt-2.0.xsd (this
is the schema that has as its targetNamespace the above URN), and foo.xml
contains all the details about how a Subject was authenticated. Suppose
that the IdP wants to tell the Relying Party, “The subject was
authenticated through the presentation of a password over a protected session, and
if you want to see the authentication details then view foo.xml at this URL
_____”. How would this be expressed?

/Roger

-----Original Message-----

> 1. Does an Authentication Context URN actually reference an XML
> file?

That's out of scope, but you're mistaking classes for declarations.

> Does that URN actually reference an XML file?

Your example is a class. A class is a schema of possible contexts, not
a specific one. The URN means exactly that schema. Declarations are specific instances. They usually would be expected to
refer to an XML file, but resolution is out of scope.

> (This may sound odd, but .) What is the root element of the
> XML file?
>
> Is this the root element:
>
> <AuthenticationContextDeclaration> ,,,
> </AuthenticationContextDeclaration>

Yes.

> Note: perhaps I have old documentation; there are large
> differences between it and the actual schemas. /Roger

I don't know what you refer to, the 2.0 spec is done.

-- Scott
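
Added example (not part of either message and not OASIS code): in the SAML 2.0 core schema an <AuthnContext> may carry an <AuthnContextDeclRef> URI alongside the class reference, which is one way to express the "label plus pointer to foo.xml" case asked about above. The sketch shows a relying party reading both, matching the class URN as an opaque label and not fetching the declaration; the URL, the accepted-class policy and the function name are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Class URN as spelled in the SAML 2.0 Authentication Context specification.
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
# Hypothetical relying-party policy: class labels it is willing to accept.
ACCEPTED_CLASSES = {PPT}

# Constructed sample: a class label plus a reference to a declaration document.
# The assertion is assumed to have passed signature validation already.
SAMPLE = f"""
<saml:AuthnStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                     AuthnInstant="2024-01-01T00:00:00Z">
  <saml:AuthnContext>
    <saml:AuthnContextClassRef>
      {PPT}
    </saml:AuthnContextClassRef>
    <saml:AuthnContextDeclRef>https://idp.example.org/ctx/foo.xml</saml:AuthnContextDeclRef>
  </saml:AuthnContext>
</saml:AuthnStatement>
"""


def read_authn_context(statement_xml):
    """Return (class_ref, decl_ref, accepted) for one AuthnStatement."""
    ctx = ET.fromstring(statement_xml).find("saml:AuthnContext", NS)
    if ctx is None:
        raise ValueError("AuthnStatement has no AuthnContext")

    def text_of(tag):
        el = ctx.find(f"saml:{tag}", NS)
        return el.text.strip() if el is not None and el.text else None

    class_ref = text_of("AuthnContextClassRef")
    decl_ref = text_of("AuthnContextDeclRef")
    # The class URN is a label: compare it as a string, never resolve it.
    accepted = class_ref in ACCEPTED_CLASSES
    # decl_ref is returned for logging or review only. It is not fetched here:
    # resolution is out of scope for SAML, and dereferencing an IdP-supplied
    # URL from the relying party would hand the IdP a request primitive.
    return class_ref, decl_ref, accepted


if __name__ == "__main__":
    print(read_authn_context(SAMPLE))
```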