Subject: Re: [security-services] Question on SAML V2.0 Identity Assurance Profiles, Version 1.0
I suggest you need to update your CS spec if you want to explicitly rule this out because your current text does not. In fact it appears to be general enough to allow for any assurance criteria which users wish to specify (which I would have thought is a good thing). Additionally a) your schema allows multiple values and b) your text implies it by stating "Multiple values MAY be present."

Furthermore, whilst an AuthenticationContext might be singular wrt a URI, its semantics can be anything. So all this means is that we need to define a set of n*m URIs rather than n+m URIs. Inconvenient but not a show stopper.

thanks for your help

David

On 15/07/2011 18:44, Cantor, Scott E. wrote:
> On 7/15/11 1:40 PM, "David Chadwick" <d.w.chadwick@kent.ac.uk> wrote:
>>
>> We have built a system which requires the LOA to be split into two
>> components, the registration LOA and the authentication/login LOA.
>>
>> I'd like to know if you have envisaged your CD to be used to represent
>> this.
>
> No, it's explicitly not allowable because the binding here is to
> AuthenticationContext classes, which are singular in assertions without
> getting into some edge cases.
>
>> So could I for example send this in the IDP's metadata
>
> No, because that's illegal syntactically. You can have multiple values,
> but they're in parallel, not linked.
>
>> Similarly we want to be able to send this dynamically in a SAML
>> assertion. I presume it would be admissible there as well?
>
> No.
>
> -- Scott

--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
School of Computing, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************