security-services message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: RequestedAuthnContext
- From: Thomas Wisniewski <Thomas.Wisniewski@entrust.com>
- To: SAML <security-services@lists.oasis-open.org>
- Date: Mon, 5 Dec 2005 13:20:40 -0500
Title: Message
Hi, I just wanted to
clarify the definitions of "better" and "maximum" in section 3.3.2.2.1 of
Core:
If there is a
hierarchy of auth methods/contexts (1 thru 4, 1 being the lowest/weakest),
if the RequestedAuthnContext specifies
1. auth context of 2
and 3 with comparison "maximum", then either 1, 2, or 3 would satisfy this
portion of the request (the s strongest of these should always be
returned). I.e., if t he user at the authority authenticated with only 1, that
would be fine to satisfy this request. As a note, only 4 would not be
allowed.
2. for "better",
does the phrase "stronger than any one" mean "stronger than all"
or "stronger than one"? As an example, consider auth context of 2 and 3
with comparison "better", the former interpretation suggests that only 4 would
satisfy the request (as 4 is stronger than both 2 and 3). My latter
interpretation would suggest that 3 or 4 would satisfy it (as 3 is strong than
2).
Thanks,
Tom.
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]