Subject: RE: [saml-dev] Does an Authentication Context URN actually reference an XML file?

> Now I'm confused.  Did I misinterpret your previous statement?  I
> thought that you said that the URN in <AuthnContextClassRef> is not to
> be interpreted other than to indicate that some XML instance document
> somewhere is schema-valid?  Isn't that what you are saying here:
> ... "the actual declaration instance, should it be known, is
> schema-valid with respect to the schema associated with that class
> URN".

Yes, but if the schema restricts the resulting instance such that you're
satisfied with all the possible outcomes, then that's enough. And to be
honest, if it doesn't, you're screwed because there's no way you're going to
write code to go look at the instance. Are you?

> So, if the URN in <AuthnContextClassRef> has no semantic meaning,

I never said that. I just said that when asked a technical question, I
prefer to give a technical answer and leave the people who care to argue
over whether the semantics mean what they want it to.

> then
> there must be a URL to an XML file that I (the Relying Party) can read
> to get details on the context for authentication.  Yes?  

In theory, but what do you expect you'll do with it? Build some kind of
XPath rules engine that runs every time somebody logs in?

-- Scott
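
The relying-party approach the thread points toward, as an added example that is not part of the original messages or either poster's code: treat the `<AuthnContextClassRef>` URN as an opaque identifier and compare it against a local allow-list, with no attempt to fetch or inspect a declaration instance. The function names, the `ACCEPTED_CLASSES` policy and the sample assertion are assumptions made for illustration, and signature validation is assumed to have already happened.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"

# Hypothetical relying-party policy: class URNs this service accepts as-is.
ACCEPTED_CLASSES = frozenset({AC + "PasswordProtectedTransport", AC + "X509"})

# Constructed sample assertion (the %s slot takes the class URN). The signature
# check that must precede any of this is assumed done and is not shown.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AuthnStatement AuthnInstant="2024-01-01T00:00:00Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>%s</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""


def authn_class_refs(assertion_xml):
    """Return the class URN of each AuthnStatement (None where it is absent)."""
    root = ET.fromstring(assertion_xml)
    refs = []
    for stmt in root.findall("saml:AuthnStatement", SAML_NS):
        ref = stmt.find("saml:AuthnContext/saml:AuthnContextClassRef", SAML_NS)
        # xs:anyURI collapses surrounding whitespace, so strip before comparing.
        refs.append(ref.text.strip() if ref is not None and ref.text else None)
    return refs


def authn_context_acceptable(assertion_xml, accepted=ACCEPTED_CLASSES):
    """True only if every AuthnStatement names an accepted class URN.

    The URN is matched as an exact, case-sensitive string. Nothing is
    dereferenced and no declaration document is read. An assertion with no
    AuthnStatement, or a statement with no class reference, is rejected.
    """
    refs = authn_class_refs(assertion_xml)
    return bool(refs) and all(r in accepted for r in refs)


if __name__ == "__main__":
    for cls in ("PasswordProtectedTransport", "Password"):
        print(cls, authn_context_acceptable(SAMPLE % (AC + cls)))
```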

