OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

saml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [saml-dev] Does an Authentication Context URN actuallyreference an XML file?

On 5/4/06 12:39 PM, "Scott Cantor" <cantor.2@osu.edu> wrote:

>> then
>> there must be a URL to an XML file that I (the Relying Party) can read
>> to get details on the context for authentication.  Yes?
> In theory, but what do you expect you'll do with it? Build some kind of
> XPath rules engine that runs every time somebody logs in?
> -- Scott

I can imagine that the RP might incorporate the document referred to in
<AuthnContextClassRef> into the business agreement with the IDP, and then
they might occasionally spot-check the version in their agreement with the
version referenced in the assertion (maybe comparing a hash or a signature).

Just a thought.  I'm not sure it really buys you anything, because you are
totally relying on the IDP to actually authenticate the way they claim they
are authenticating.  It's all based on trust (and lawyers).

Eric  Tiffany             |  eric@projectliberty.org
Interop Tech  Lead        |  +1 413-458-3743
Liberty Alliance          |  +1 413-627-1778 mobile

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]