OASIS Mailing List Archives

security-services message



Subject: RE: [security-services] Authentication Method


I think this is a job for the new (Liberty derived) AuthenticationContext. You can add arbitrary details about the issuance policy, strength of token, etc.

 - irving -
 

> -----Original Message-----
> From: John Hughes [mailto:john.hughes@entegrity.com] 
> Sent: March 12, 2004 04:05
> To: security-services@lists.oasis-open.org
> Subject: [security-services] Authentication Method
> 
> 
> As Tim and I complete the Kerberos Solution profiles doc - 
> ready for the 16th - we have come across an issue we would 
> like to raise - in order to get some feedback.
> 
> 
> Kerberos currently - as far as the authentication method is 
> concerned - is
> identified by:   URI: urn:ietf:rfc:1510.
> 
> However as a number of you may be aware Kerberos supports a 
> number of authentication techniques, including PKI/X.509, 
> username/pw, and hardware tokens.  We believe this should be 
> identified in the assertion.  Hence we would like to have a 
> set of AuthenticationMethods defined.  For instance:
> 
> 	URI: urn:ietf:rfc:1510   and
> 	URI: urn:oasis:names:tc:SAML:1.0:am:password
> 
> 
> This requirement is not unique to Kerberos - but to any 
> multi-factor authentication system
> 
> Currently the schema permits only a single 
> AuthenticationMethod attribute
> 
> 
> 
> Thoughts?
> 
> 
> John


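The limitation raised in the quoted message, seen from a relying party's side, as an added example that is not part of the original thread. It uses the two method URIs from the message; the sample statements, the timestamp and the `policy_satisfied` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML1_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
KERBEROS = "urn:ietf:rfc:1510"
PASSWORD = "urn:oasis:names:tc:SAML:1.0:am:password"

# Constructed sample: a statement carrying the one method value it is allowed.
SINGLE = f'''<saml:AuthenticationStatement xmlns:saml="{SAML1_NS}"
    AuthenticationMethod="{KERBEROS}"
    AuthenticationInstant="2004-03-12T09:05:00Z"/>'''

# Constructed sample: an issuer trying to state both methods by repeating
# the attribute. This is not even well-formed XML.
REPEATED = f'''<saml:AuthenticationStatement xmlns:saml="{SAML1_NS}"
    AuthenticationMethod="{KERBEROS}"
    AuthenticationMethod="{PASSWORD}"
    AuthenticationInstant="2004-03-12T09:05:00Z"/>'''


def asserted_methods(xml_text):
    """Return the set of method URIs a SAML 1.x statement asserts.

    Raises ValueError when the statement is malformed or has no method.
    """
    try:
        stmt = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError(f"rejected by XML parser: {exc}") from exc
    if stmt.tag != f"{{{SAML1_NS}}}AuthenticationStatement":
        raise ValueError("not a SAML 1.x AuthenticationStatement")
    method = stmt.get("AuthenticationMethod")
    if method is None:
        raise ValueError("AuthenticationMethod attribute is missing")
    # An XML attribute holds one value, so the set never has more than one URI.
    return {method}


def policy_satisfied(xml_text, required):
    """Hypothetical relying-party check: every required URI must be asserted.

    Fails closed on anything the parser rejects.
    """
    try:
        return set(required) <= asserted_methods(xml_text)
    except ValueError:
        return False
```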
