Subject: RE: [dss] some changes in requirements draft 3
Can I suggest that we use the same structure as SAML for including the name with a type identifier (but without the rest of the SAML structure) or the full SAML structure. Again can we have the ability to identify the authentication algorithm without the full SAML structure (and its associated semantics).

Nick

> -----Original Message-----
> From: Trevor Perrin [mailto:trevp@trevp.net]
> Sent: 08 April 2003 17:43
> To: Nick Pope; dss@lists.oasis-open.org
> Subject: RE: [dss] some changes in requirements draft 3
>
> At 02:23 PM 4/8/2003 +0100, Nick Pope wrote:
>
> >Regarding the requestor identity (3.2.1), I think that it is important that
> >this is extensible to cover alternative name forms.
>
> A SAML Assertion's <NameIdentifier> has a <Format> URI value to specify the
> name form (see 2.4.2.2 in the document below).
>
> Maybe the 2nd bullet should be "String or some other identity
> representation", since it could conceivably be a string with some sort of
> format identifier.
>
> I think John Messing's question was more about representing identity in
> some other way than as a signed attribute. Maybe he can speak to this.
>
> >Also, I suggest that there should be a means of identifying the
> >authentication mechanism used to confirm the requestor's identity in the
> >signature. This could be directly by an identifier to the authentication
> >mechanism, or as part of some more general policy identifier.
>
> SAML Assertions can do this as well, there's an <AuthenticationMethod> URI
> value in an <AuthenticationStatement>, see 2.4.3 -
>
> http://www.oasis-open.org/committees/download.php/1371/oasis-sstc-saml-core-1.0.pdf
>
> Trevor