Subject: SAML Public key authentication methods
Hi,

In trying to map the SAML authentication methods to authentication context classes, I've hit a snag regarding the mapping of the individual public key methods (X509 public key, PGP public key and so on). These are called out separately as distinct authentication methods. However, it seems to me that the actual authentication mechanism is not specified in these cases. Instead, we are specifying how the key was verified.

So, I have a couple of questions/comments for the group:

1) Is information regarding the actual verification of the key, rather than the actual authentication mechanism, important in describing the authentication event? If so, then we should model this in the authentication context, probably by adding an attribute to the authenticator to hold the "validation mechanism".

2) Unless I'm not understanding this correctly, it seems to me that the authenticator in all of these public key cases is some kind of digital signature over some piece of content.

I'd appreciate thoughts on this matter as I aim to complete the authentication context/method changes this week.

Cheers,
- JohnK