[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: AuthnContext comparison clarifications
Fulfilling an action item, here is a suggested clarification we might want to make to core section 3.3.2.2.1. Conor noted that contexts are not necessarily a fully ordered set, so we might note this to aid in the interpretation of the comparison types, such as the following after line 1819: "Note that while the references are evaluated in order, they do not necessarily (or even typically) constitute an ordered set relative to each other for comparison purposes. References can be to distinct classes that do not relate to each other directly in terms of "strength". Therefore, the following comparison rules are meant to be applied individually to each input reference. Satisfying a particular comparison with respect to a *single* input reference is sufficient to satisfy the request." I believe this rule (satisfying a single input) applies across all of the comparison options and is the intent behind the text. It also seems to provide a straightforward algorithm to use in each case by just requiring that each input be fed into the comparison operation one at a time until one is satisfied, and you never have to keep going once you do. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]