RE: [security-services] Potential errata on AuthnContextDeclRef/ClassRef

[<robert.philpott@rsa.com>]

Agreed - I don't believe I've ever seen anyone even use a AuthnContextDecl.  Have you? We've certainly never run across a customer or partner that needed it (and thus don't support it today).

Rob Philpott | Senior Technologist | RSA, the Security Division of EMC
eMail: robert.philpott@rsa.com | Office: 781.515.7115 | Mobile: 617.510.0893


> -----Original Message-----
> From: Cantor, Scott [mailto:cantor.2@osu.edu]
> Sent: Friday, June 01, 2012 11:19 AM
> To: Philpott, Robert; security-services@lists.oasis-open.org
> Subject: Re: [security-services] Potential errata on
> AuthnContextDeclRef/ClassRef
>
> On 6/1/12 11:18 AM, "robert.philpott@rsa.com"
> <robert.philpott@rsa.com>
> wrote:
>
> >Yep - it's always seemed common sense to me... include "class" URN's as
> >ClassRef elements and put your "custom" declaration reference URI's in
> >DeclRef.  But since we received an assertion from a new partner site
> >(with a custom implementation) that put the URN in the DeclRef, I figured
> >I'd check back with you guys before I definitively told them to ask the
> >partner to change it. Just wanted to make sure there wasn't some obscure
> >use case I had forgotten about.
>
> That assumes the custom thing was a decl ref. Custom classes are certainly
> allowed, and much more common. A decl is pretty unusual.
>
> -- Scott
>