
security-services message



Subject: Question on SAML V2.0 Identity Assurance Profiles, Version 1.0


Hi Paul, Bob, Scott

I have a question on your latest CD.

We have built a system which requires the LOA to be split into two 
components, the registration LOA and the authentication/login LOA.

I'd like to know if you have envisaged your CD to be used to represent this.

So could I for example send this in the IDP's metadata

  <saml:AttributeValue>
             http://foo.example.com/assurance/regloa1
             http://foo.example.com/assurance/loginloa3
  </saml:AttributeValue>

This could be used to represent authentication by a VeriSign Class 1 
certificate which does very little registration (level 1) but whose 
authn/login strength is much higher (say level 3).

Similarly we want to be able to send this dynamically in a SAML 
assertion. I presume it would be admissible there as well?


regards

David

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
School of Computing, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************

