OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: [security-services] Some questions about saml assurance profile


Hi Scott,

Here are some questions about assurance profile.
 In draft (http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-assurance-profile-draft-02.html), there are two key usecases for assurance: 
1. Allowing an IdP to advertise those LOA for which it has been certified able to meet the associated
requirements.
2. Allowing an RP to express its expectations for the LOA at which a user should be authenticated
and, conversely, allow an IdP to indicate the actual LOA in its responses.
It seems that the first one is aimed at IdP itself, the second is aimed at RP at authentication phase if I understand right.

However, there is another usecase that loa is for attribute in authorization phase. When requests addtional attributes for authorization, RP expresses its expected loa for attribute(s). On received the request, IdP can response attribute(s) that meet the loa requirement or response error. Is the profile for the usecase?

-Juan.


Juan Wei
Shenzhen University
chenjianyonglab@163.com


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]