Subject: RE: [saml-dev] Does an Authentication Context URN actually reference an XML file?
> The URN does not indicate the name of a resource (XML file)
> that contains details about how the authentication was accomplished.
>
> Correct?

Yes.

> The URN is just a label. It is a label with this semantics
> "The subject was authenticated through the presentation of a
> password over a protected session."
>
> Correct?

I prefer to be technically precise and leave interpretation to others. What it means is "the actual declaration instance, should it be known, is schema-valid with respect to the schema associated with that class URN". The class schemas restrict the possible content that can appear, apart from extension points that are still open.

> Suppose that an IdP creates an XML document (let's call it
> foo.xml) which conforms to
> saml-schema-authn-context-ppt-2.0.xsd (this is the schema
> that has as its targetNamespace the above URN), and foo.xml
> contains all the details about how a Subject was
> authenticated. Suppose that the IdP wants to tell the
> Relying Party, "The subject was authenticated through the
> presentation of a password over a protected session, and if
> you want to see the authentication details then view foo.xml
> at this URL _____". How would this be expressed?

By adding the URL to foo.xml as the AuthnContextDeclRef element in the statement.

-- Scott
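The arrangement described in the reply above, as an added example that is not part of the original message: a constructed AuthnStatement carrying both the class URN and an AuthnContextDeclRef pointing at foo.xml, read the way a relying party might. The URL, the AuthnInstant value and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
# Class URN for "password over a protected session" (targetNamespace of the ppt schema).
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

# Constructed sample statement; the URL and AuthnInstant are placeholders.
STATEMENT = f"""
<saml:AuthnStatement xmlns:saml="{SAML_NS}" AuthnInstant="2024-01-01T00:00:00Z">
  <saml:AuthnContext>
    <saml:AuthnContextClassRef>{PPT}</saml:AuthnContextClassRef>
    <saml:AuthnContextDeclRef>https://idp.example.org/authn/foo.xml</saml:AuthnContextDeclRef>
  </saml:AuthnContext>
</saml:AuthnStatement>
"""


def _text(parent, tag):
    """Stripped text of a child element, or None when absent or empty."""
    value = parent.findtext(tag, default="", namespaces=NS).strip()
    return value or None


def read_authn_context(statement_xml, accepted_classes):
    """Extract the class label and declaration reference from one AuthnStatement.

    Assumes the enclosing assertion's signature has already been verified.
    """
    root = ET.fromstring(statement_xml.strip())
    ctx = root.find("saml:AuthnContext", NS)
    if ctx is None:
        raise ValueError("AuthnStatement carries no AuthnContext")
    class_ref = _text(ctx, "saml:AuthnContextClassRef")
    decl_ref = _text(ctx, "saml:AuthnContextDeclRef")
    return {
        # The class URN is a label: compare it as a string, never resolve it.
        "class_ref": class_ref,
        "class_accepted": class_ref in accepted_classes,
        # The declaration reference is the locator for foo.xml; it is returned,
        # not fetched, and flagged if it is not an https URL.
        "decl_ref": decl_ref,
        "decl_ref_is_https": bool(decl_ref) and urlparse(decl_ref).scheme == "https",
    }


if __name__ == "__main__":
    print(read_authn_context(STATEMENT, {PPT}))
```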