Subject: RE: [security-services] Authentication Methods - Proposed changes to core-29
Ah yes, that's right, ok that has gone.

However see below, I have added some additional references for PGP, SPKI etc to make up.

That was just an oversight.

Also an oversight.

Track changes does some genuinely bizarre things.

It can do, one of the possible XKMS configurations is in chained mode in which there is no backing PKI, just a database of keys.

The other issue is that the whole point of XKMS is that the client does not need to know what is underneath so the client does not know that it is a PGP key or an X.509 key, all it knows is it is trusted for purpose X with person Y.

Subject Confirmation Methods are defined in the SAML Profile or Profiles in which they are used [SAMLBind]. Additional methods may be added by defining new profiles or by private agreement. The following identifiers refer to SAML specified Authentication methods.

7.1.1. Password:

URI: urn:oasis:names:tc:SAML:1.0:am:password

The authentication was performed by means of a password.

7.1.2. Kerberos

URI: urn:ietf:rfc:1510

The authentication was performed by means of the Kerberos protocol [RFC 1510], an instantiation of the Needham-Schroeder symmetric key authentication mechanism [Needham78].

7.1.3. SSL/TLS Certificate Based Client Authentication:

URI: urn:ietf:rfc:2246

The authentication was performed using either the SSL or TLS protocol with certificate based client authentication. TLS is described in [RFC 2246].

7.1.4. X.509 Public Key

URI: urn:oasis:names:tc:SAML:1.0:am:X509-PKI

The authentication was performed by some (unspecified) mechanism on a key authenticated by means of an X.509 PKI [X.500][PKIX]. It may have been one of the mechanisms for which a more specific identifier has been defined below.

7.1.5. PGP Public Key

URI: urn:oasis:names:tc:SAML:1.0:am:PGP

The authentication was performed by some (unspecified) mechanism on a key authenticated by means of a PGP web of trust [PGP]. It may have been one of the mechanisms for which a more specific identifier has been defined below.

7.1.6. SPKI Public Key

URI: urn:oasis:names:tc:SAML:1.0:am:SPKI

The authentication was performed by some (unspecified) mechanism on a key authenticated by means of a SPKI PKI [SPKI]. It may have been one of the mechanisms for which a more specific identifier has been defined below.

7.1.7. XKMS Public Key

URI: urn:oasis:names:tc:SAML:1.0:am:XKMS

The authentication was performed by some (unspecified) mechanism on a key authenticated by means of a XKMS trust service [XKMS]. It may have been one of the mechanisms for which a more specific identifier has been defined below.

7.1.8. XML Digital Signature

URI: urn:ietf:rfc:3075

The authentication was performed by means of an XML digital signature [RFC 3075].
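
Added example, not part of the original message or of the SAML specification: a relying-party check that classifies the identifiers listed above, flags the ones defined only as "some (unspecified) mechanism", and fails closed on any other URI. It assumes the URI arrives in the AuthenticationMethod attribute of a SAML 1.0 AuthenticationStatement, which the message does not show; classify, METHODS and the decision labels are hypothetical names, and the sample assertion is constructed.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.0 assertion namespace

# URI -> (name, generic). generic=True marks the identifiers whose text above
# says "(unspecified) mechanism": only the key's trust model is known.
METHODS = {
    "urn:oasis:names:tc:SAML:1.0:am:password": ("Password", False),
    "urn:ietf:rfc:1510": ("Kerberos", False),
    "urn:ietf:rfc:2246": ("SSL/TLS client certificate", False),
    "urn:oasis:names:tc:SAML:1.0:am:X509-PKI": ("X.509 public key", True),
    "urn:oasis:names:tc:SAML:1.0:am:PGP": ("PGP public key", True),
    "urn:oasis:names:tc:SAML:1.0:am:SPKI": ("SPKI public key", True),
    "urn:oasis:names:tc:SAML:1.0:am:XKMS": ("XKMS public key", True),
    "urn:ietf:rfc:3075": ("XML digital signature", False),
}

def classify(assertion_xml, accepted):
    """Return one (decision, detail) pair per AuthenticationStatement.

    Assumes the assertion's signature was already verified by the caller.
    URIs are compared as exact strings; anything unlisted is rejected.
    """
    results = []
    root = ET.fromstring(assertion_xml)
    for stmt in root.iter(f"{{{SAML_NS}}}AuthenticationStatement"):
        uri = stmt.get("AuthenticationMethod", "")
        if uri not in METHODS:
            results.append(("reject", f"unknown method {uri!r}"))
            continue
        name, generic = METHODS[uri]
        if uri not in accepted:
            results.append(("reject", f"{name} not accepted by policy"))
        elif generic:
            results.append(("accept-generic", f"{name}: mechanism unspecified"))
        else:
            results.append(("accept", name))
    return results or [("reject", "no AuthenticationStatement")]

# Constructed sample: four statements, the last with a mis-cased URI.
SAMPLE = f"""<saml:Assertion xmlns:saml="{SAML_NS}">
  <saml:AuthenticationStatement AuthenticationMethod="urn:ietf:rfc:1510"/>
  <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:XKMS"/>
  <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"/>
  <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:Password"/>
</saml:Assertion>"""

if __name__ == "__main__":
    policy = {"urn:ietf:rfc:1510", "urn:oasis:names:tc:SAML:1.0:am:XKMS"}
    for decision, detail in classify(SAMPLE, policy):
        print(decision, detail)
```

The "accept-generic" result is the case a relying party should log or step up on, since the identifier conveys how the key was trusted and not how the subject proved possession of it.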