saml-dev message
Subject: RE: [saml-dev] Does an Authentication Context URN actually reference an XML file?


Thanks Scott for your reply.  If I may, I'd like to follow up to confirm that I understand correctly what you are saying.

 

Suppose an IdP sends to a Relying Party an Authentication Assertion which contains this:

 

        <AuthnContext>
            <AuthnContextClassRef>
                urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
            </AuthnContextClassRef>
        </AuthnContext>

 

The URN does not indicate the name of a resource (XML file) that contains details about how the authentication was accomplished. 

 

Correct?

 

The URN is just a label.  It is a label with this semantics “The subject was authenticated through the presentation of a password over a protected session.”

 

Correct?

 

Assuming that I have correctly understood, let me ask a new question:

 

Suppose that an IdP creates an XML document (let’s call it foo.xml) which conforms to saml-schema-authn-context-ppt-2.0.xsd (this is the schema that has as its targetNamespace the above URN), and foo.xml contains all the details about how a Subject was authenticated.  Suppose that the IdP wants to tell the Relying Party, “The subject was authenticated through the presentation of a password over a protected session, and if you want to see the authentication details then view foo.xml at this URL _____”.  How would this be expressed?

 

/Roger

 

-----Original Message-----
From: Scott Cantor [mailto:cantor.2@osu.edu]
Sent: Wednesday, May 03, 2006 11:11 AM
To: Costello, Roger L.; saml-dev@lists.oasis-open.org
Subject: RE: [saml-dev] Does an Authentication Context URN actually reference an XML file?

 

> 1. Does an Authentication Context URN actually reference an XML file?

 

That's out of scope, but you're mistaking classes for declarations.

 

> Does that URN actually reference an XML file? 

 

Your example is a class. A class is a schema of possible contexts, not a specific one. The URN means exactly that schema.

 

Declarations are specific instances. They usually would be expected to refer to an XML file, but resolution is out of scope.

 

> (This may sound odd, but .)  What is the root element of the XML file?
>
> Is this the root element:
>
> <AuthenticationContextDeclaration> ...
> </AuthenticationContextDeclaration>

 

Yes.

 

> Note: perhaps I have old documentation; there are large differences between it and the actual schemas.  /Roger

 

I don't know what you refer to; the 2.0 spec is done.

 

-- Scott
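Added example, not part of the thread: a Relying Party-side check that reads the AuthnContext of a SAML 2.0 assertion, treats the class reference as the label Scott describes, and treats a declaration reference as an opaque pointer that the RP records but never fetches. The assertion fragment, the IdP host and the declaration URL (foo.xml) are constructed for the example; the element names and the class URN are the standard SAML 2.0 ones.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
AC_PREFIX = "urn:oasis:names:tc:SAML:2.0:ac:classes:"
PPT = AC_PREFIX + "PasswordProtectedTransport"

# Constructed sample: an assertion whose AuthnContext carries both a class
# reference (the label) and a declaration reference (pointer to foo.xml).
SAMPLE = f"""<saml:Assertion xmlns:saml="{SAML_NS}">
  <saml:AuthnStatement AuthnInstant="2006-05-03T15:11:00Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>{PPT}</saml:AuthnContextClassRef>
      <saml:AuthnContextDeclRef>https://idp.example.org/ac/foo.xml</saml:AuthnContextDeclRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""


def parse_authn_context(xml_text):
    """Return the class ref, declaration ref and whether an inline declaration
    is present. In production, verify the assertion signature first and parse
    with an XXE-safe parser (e.g. defusedxml); this demo uses the stdlib."""
    root = ET.fromstring(xml_text)
    ctx = root.find(f".//{{{SAML_NS}}}AuthnContext")
    if ctx is None:
        raise ValueError("assertion carries no AuthnContext")

    def text_of(tag):
        el = ctx.find(f"{{{SAML_NS}}}{tag}")
        return el.text.strip() if el is not None and el.text else None

    return {
        "class_ref": text_of("AuthnContextClassRef"),
        # Opaque identifier: recorded for audit, never dereferenced by the RP
        # (resolution is out of scope, and fetching attacker-supplied URLs
        # from an assertion would be an SSRF risk).
        "decl_ref": text_of("AuthnContextDeclRef"),
        "inline_decl": ctx.find(f"{{{SAML_NS}}}AuthnContextDecl") is not None,
    }


def meets_policy(xml_text, acceptable_classes):
    """Access decision is made on the class label alone."""
    ctx = parse_authn_context(xml_text)
    return ctx["class_ref"] in acceptable_classes
```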

 

 

