Subject: RE: [saml-dev] Does an Authentication Context URN actually reference an XML file?
Thanks again Scott. Then, would it be fair to say that an
assertion that contains just an <AuthnContextClassRef> is fairly useless:
<AuthnContext>
<AuthnContextClassRef>
urn:oasis:names:tc:2.0:ac:classes:PasswordProtectedTransport
</AuthnContextClassRef>
</AuthnContext>

A useful assertion would identify both the class, as well as the URL to
the actual XML file:
<AuthnContext>
<AuthnContextClassRef>
urn:oasis:names:tc:2.0:ac:classes:PasswordProtectedTransport
</AuthnContextClassRef>
<AuthnContextDeclRef>
http://www.AirlineInc.com/foo.xml
</AuthnContextDeclRef>
</AuthnContext>

Correct?

/Roger

-----Original Message-----

> The URN does not indicate the name of a resource (XML file)
> that contains details about how the authentication was
> accomplished.
>
> Correct?

Yes.

> The URN is just a label. It is a label with this semantics
> "The subject was authenticated through the presentation of a
> password over a protected session."
>
> Correct?

I prefer to be technically precise and leave interpretation to others.
What it means is "the actual declaration instance, should it be known,
is schema-valid with respect to the schema associated with that class
URN". The class schemas restrict the possible content that can appear, apart
from extension points that are still open.

> Suppose that an IdP creates an XML document (let's call it
> foo.xml) which conforms to
> saml-schema-authn-context-ppt-2.0.xsd (this is the schema
> that has as its targetNamespace the above URN), and foo.xml
> contains all the details about how a Subject was
> authenticated. Suppose that the IdP wants to tell the
> Relying Party, "The subject was authenticated through the
> presentation of a password over a protected session, and if
> you want to see the authentication details then view foo.xml
> at this URL _____". How would this be expressed?

By adding the URL to foo.xml as the AuthnContextDeclRef element in the
statement.

-- Scott
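
Added example, not part of the original thread: a relying-party sketch that reads the two elements discussed above, matching the class URN as a label against local policy and returning the AuthnContextDeclRef as an opaque URI without fetching it. The function names, the ACCEPTED_CLASSES policy set and the sample documents are assumptions constructed for illustration; the class URN is written as registered in the SAML 2.0 Authentication Context specification.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
ACCEPTED_CLASSES = {PPT}  # hypothetical relying-party policy


def sample(class_ref=PPT, decl_ref=None):
    """Build a constructed <saml:AuthnContext> like the two in the thread."""
    decl = ""
    if decl_ref:
        decl = (f"<saml:AuthnContextDeclRef>\n{decl_ref}\n"
                "</saml:AuthnContextDeclRef>")
    return (f'<saml:AuthnContext xmlns:saml="{SAML_NS}">'
            f"<saml:AuthnContextClassRef>\n{class_ref}\n"
            f"</saml:AuthnContextClassRef>{decl}</saml:AuthnContext>")


def read_authn_context(xml_text):
    """Return (class_ref, decl_ref, accepted) for the first AuthnContext.

    Assumes the enclosing assertion's signature was already verified.
    The class URN is compared as a string label; nothing is dereferenced.
    The declaration reference is optional and is only reported, never fetched.
    """
    root = ET.fromstring(xml_text)
    ctx = next(root.iter(f"{{{SAML_NS}}}AuthnContext"), None)
    if ctx is None:
        raise ValueError("no AuthnContext element found")
    ns = {"saml": SAML_NS}

    def text_of(name):
        # Serialized URIs often carry surrounding whitespace, as in the thread.
        value = ctx.findtext(f"saml:{name}", default="", namespaces=ns).strip()
        return value or None

    class_ref = text_of("AuthnContextClassRef")
    decl_ref = text_of("AuthnContextDeclRef")
    return class_ref, decl_ref, class_ref in ACCEPTED_CLASSES


if __name__ == "__main__":
    print(read_authn_context(sample()))
    print(read_authn_context(sample(decl_ref="http://www.AirlineInc.com/foo.xml")))
```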