OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: RE: Authenticator to Subject Confirmation renaming


Title: RE: Authenticator to Subject Confirmation renaming
We discussed that in the call (or to be precise my perception is that we discussed it). Unfotch the message with the text went out after the document went out and not previously during the call as I intended. I did catch the bug Carlisle brought up.
 
AuthenticationMethod is used in the Authentication assertion and in the SubjectConfirmationMethod while Subject ConfirmationData is only used in the SubjectConfirmation.
 
We could move to simply 'ConfirmationMethod' in both places which I suspect would provide better for the Anonymous cases.
 
Since confirmation is only something that is possible to a subject we might want to move from SubjectConfirmation to simply Confirmation.
 
 
I think that the anonymity discussion is clarified by differentiating authentication and confirmation.
 
Authentication
    The process by which we determine that the party purporting to be X is or is not in fact X where X may be a name or a psuedonym.
 
Confirmation
    The process by which we determine that the party purporting to be a member of a set of Y of authorized users is or is not in fact a member.
 
    Authentication is one means of achieving confirmation
 
 
            Phill

Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227

-----Original Message-----
From: Tim Moses [mailto:tim.moses@entrust.com]
Sent: Tuesday, August 21, 2001 2:16 PM
To: Security-Services (E-mail)
Subject: RE: Authenticator to Subject Confirmation renaming

Phill - I think this reflects the discussion on the call this afternoon.  Except that, to be consistent, we should change "AuthenticationMethod" to "SubjectConfirmationMethod".

The element that retains the term "authentication" is this one ...

<xsd:complexType name="AuthenticationAssertionType">
 <xsd:complexContent>
  <xsd:extension base="saml:SubjectAssertionAbstractType">
   <xsd:sequence>
    <xsd:element ref="saml:AuthenticationCode"/>
    <xsd:element name="AuthenticationInstant" type="timeInstant"/>
    <xsd:element name="AuthenticationLocale" type="saml:AuthenticationLocaleType" minOccurs="0"/>
   </xsd:sequence>
  </xsd:extension>
 </xsd:complexContent>
</xsd:complexType>

All the best.  TIm.

-----Original Message-----
From: Hallam-Baker, Phillip [mailto:pbaker@verisign.com]
Sent: Tuesday, August 21, 2001 2:00 PM
To: Security-Services (E-mail)
Subject: Authenticator to Subject Confirmation renaming


This is the new text:

1.1.1   Element <Subject>
The <Subject> element specifies a party by any of the following means:
        *       A name.
        *       By information that allows the party to be authenticated.
        *       By reference to another assertion or by containment of
another assertion.
If a <Subject> element contains more than one subject specification the
issuer is asserting that all the subject specifications present specify the
same subject. For example if both a <NameIdentifier> and a <Authenticator>
element are present the issuer is asserting that the authentication data
authenticates the party with the specified name.
The following schema defines the <Subject> element:
        <element name="Subject" type="saml:SubjectType"/>
        <complexType name="SubjectType">
                <choice maxOccurs="unbounded">
                        <element ref="saml:NameIdentifier"
                                        minOccurs="0"
maxOccurs="unbounded"/>
                        <element ref="saml:SubjectConfirmation"
                                        minOccurs="0"
maxOccurs="unbounded"/>
                        <element ref="saml:AssertionSpecifier"
                                        minOccurs="0"
maxOccurs="unbounded"/>
                </choice>
        </complexType>
1.1.1.1 Element <SubjectConfirmation>
The <SubjectConfirmation> element specifies a subject by specifying data
that authenticates the subject.
        <AuthenticationMethod>[Any number]
        Each <Authentication> element specifies a URI that identify a
protocol that may be used to authenticate the subject.
        <SubjectConfirmationData>[Optional]
        Each <SubjectConfirmationData> element specifies additional
authentication information used by a specific authentication protocol.
        <ds:KeyInfo>[Optional]
        An XML Signature <ds:KeyInfo>  element that specifies a
cryptographic key held by the subject.
URIs identifying common authentication protocols are specified in Section 4
.
The following schema defines the <SubjectConfirmation> element:
        <element name="SubjectConfirmation"
type="saml:SubjectConfirmationType"/>
        <complexType name="SubjectConfirmationType">
                <sequence>
                        <element ref="saml:AuthenticationMethod"
maxOccurs="unbounded"/>
                        <element name="SubjectConfirmationData"
type="string" minOccurs="0"/>
                        <element ref="ds:KeyInfo" minOccurs="0"/>
                </sequence>
        </complexType>


Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227 <<Phillip Hallam-Baker (E-mail).vcf>>

Phillip Hallam-Baker (E-mail).vcf



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC