Subject: RE: [dss] some changes in requirements draft 3
At 02:23 PM 4/8/2003 +0100, Nick Pope wrote:

>Regarding the requestor identity (3.2.1), I think that it is important that
>this is extensible to cover alternative name forms.

A SAML Assertion's <NameIdentifier> has a <Format> URI value to specify the name form (see 2.4.2.2 in the document below). Maybe the 2nd bullet should be "String or some other identity representation", since it could conceivably be a string with some sort of format identifier.

I think John Messing's question was more about representing identity in some other way than as a signed attribute. Maybe he can speak to this.

>Also, I suggest that there should be a means of identifying the
>authentication mechanism used to confirm the requestor's identity in the
>signature. This could be directly by an identifier to the authentication
>mechanism, or as part of some more general policy identifier.

SAML Assertions can do this as well, there's an <AuthenticationMethod> URI value in an <AuthenticationStatement>, see 2.4.3 -

http://www.oasis-open.org/committees/download.php/1371/oasis-sstc-saml-core-1.0.pdf

Trevor
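
The two SAML 1.0 fields mentioned in the message above, read out of an assertion and checked against a service-side allow-list. This is an added example, not part of the original message or of the DSS requirements draft. The sample assertion is constructed, and the function names `requestor_identity` and `acceptable` are hypothetical.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
NS = {"saml": SAML}

# Constructed sample assertion (not from the thread); its signature is omitted.
# A real service verifies the assertion signature before trusting any field.
SAMPLE = f"""<saml:Assertion xmlns:saml="{SAML}" MajorVersion="1" MinorVersion="0"
    AssertionID="example-id" Issuer="https://idp.example"
    IssueInstant="2003-04-08T13:23:00Z">
  <saml:AuthenticationStatement
      AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
      AuthenticationInstant="2003-04-08T13:20:00Z">
    <saml:Subject>
      <saml:NameIdentifier NameQualifier="example.com"
          Format="urn:oasis:names:tc:SAML:1.0:assertion#emailAddress"
          >alice@example.com</saml:NameIdentifier>
    </saml:Subject>
  </saml:AuthenticationStatement>
</saml:Assertion>"""


def requestor_identity(assertion_xml):
    """Return one record per AuthenticationStatement: name, name form, auth method."""
    root = ET.fromstring(assertion_xml)
    records = []
    for stmt in root.findall("saml:AuthenticationStatement", NS):
        name_id = stmt.find("saml:Subject/saml:NameIdentifier", NS)
        if name_id is None:
            continue  # subject carries no NameIdentifier; nothing to report
        records.append({
            "name": (name_id.text or "").strip(),
            "name_format": name_id.get("Format"),  # optional: None when absent
            "name_qualifier": name_id.get("NameQualifier"),
            "auth_method": stmt.get("AuthenticationMethod"),
        })
    return records


def acceptable(record, allowed_formats, allowed_methods):
    """Policy check: reject name forms or authentication methods not on the allow-list."""
    return (record["name_format"] in allowed_formats
            and record["auth_method"] in allowed_methods)


if __name__ == "__main__":
    for rec in requestor_identity(SAMPLE):
        print(rec)
```

A record whose `name_format` is `None` fails the allow-list check unless `None` is explicitly permitted, so a name with no declared form is not silently treated as a known one.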