OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: Re: [security-services] Some questions about saml assurance profile


On 2014-03-2022:55Cantor, Scott <cantor.2@osu.edu> wrote:
>
>On 3/19/14, 10:43 PM, "chenjianyonglab@163.com" <chenjianyonglab@163.com>
>wrote:
>
>>Here are some questions about assurance profile.
>> In draft
>>(http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-assurance-prof
>>ile-draft-02.html),
 
>That is not the published version, FWIW.
 
Yes, i know. But where can i get the latest file?

>>However, there is another usecase that loa is for attribute in
>>authorization phase. When requests addtional attributes for
>>authorization, RP expresses its expected loa for attribute(s). On
>>received the request, IdP can response attribute(s) that meet the
>> loa requirement or response error. Is the profile for the usecase?
 
>No. There are no proposed schemes for talking about attribute assurance
>and there is little evidence that real applications are going to be able
>to handle per-attribute qualifiers of any kind, let alone for a concept as
>poorly defined as assurance.
 
yeah, maybe assurance is not a good concept. But, I think the truth of attribute is required for services. For example, the truth level of attribute(s) that SP requires for a bank transaction typically is different from that for a social network. 


Juan Wei
Shenzhen University, China
Email:chenjianyonglab@163.com

 



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]