[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: Definitions: authentication, etc.
Credential verification - The process of verifying that a specific Principal is the subject of a specific credential.
<KS>
IMHO, this seems too vague. We know who is the subject of the specific credential, for example by inspecting the DN in a certificate. But can we *associate* that subject with the current principal is the question.
</KS>
Authentication - Authentication is identical to credential verification. (Note: the current Glossary defines "authentication" only in terms of "identity". The current sentiment in the Assertions group seems to be to downplay the distinction between "name" and any other attribute of a Principal. Therefore, we need a term that applies only to verifying a credential. We could redefine "authentication" to serve this role, or use the term "credential verification" instead. I don't have strong views on this choice).<KS>
It wouldn't be a good idea to redefine authentication as it is widely used with verifying the identity. Could we use the work credential validation in this context ?
</KS>
Credential issuance - The process of creating and making available a credential.
Credential translation - Credential translation is a two step process, involving credential verification and credential issuance. Both the verified and issued credentials must apply to the same Principal. But, the attributes in each credential may be different.<KS>
Does it mean verifying the identify (i.e. authentication) during translation ? If so, this could be impossible as we might not have the challenge mechanism. We could of course, get an assertion from the authenticator to assert the authentication.
</KS>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC