

Subject: RE: [security-services] Groups - authentication-context.pdf uploaded


> From: Anthony Nadalin [mailto:drsecure@us.ibm.com]
...
> (2) What is the value of the Authentication Context, seems like it's just
> metadata that has no validity? Seems like it's being used to attest to the
> strength of the assertion somehow?

The way I look at it, the new Authn Context proposal is a workaround for the fact that we chose too restrictive a schema for the "authentication method" field in SAML 1.0.

It's not being used to attest to the strength of the _assertion_; it's being used, in the context of a profile or set of terms-of-service agreed to by the asserting and relying parties, to convey more details about how the asserting party authenticated the subject.

Said profile or terms-of-service can define a specific schema for the Authentication Context, and a concept of "strength of authentication" based on instances of that schema.

 - irving -

