OASIS Mailing List Archives

saml-dev message



Subject: RE: [saml-dev] [SAML2] system in authentication statement



> is there any possibility to write in an authentication 
> statement for which system a subject has initially been authenticated?

If you're asking which party authenticated the user, that would be
the Issuer of the assertion, as the authentication statement is
specifying how the user was authenticated by the issuer.

If you're asking which relying party initiated the process for the
first authentication in the SSO session, this would probably be 
considered a privacy leak in most situations, but it would be 
possible for you to create an AttributeStatement that had such
data in it.

If you're asking which system the user should be granted access to,
that probably should be an AuthorizationDecision Statement.

Conor
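
Added example, not part of the original message: a relying-party-side reader that reports the authenticating party from the assertion's Issuer, the method from each AuthnStatement, and any extra data carried in an AttributeStatement. The sample assertion, the entity IDs and the attribute name `urn:example:first-relying-party` are constructed for illustration; a real consumer must validate the assertion's signature before trusting any of these values.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample; entity IDs and the attribute name are hypothetical.
SAMPLE = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2024-01-01T10:00:05Z">
  <saml:Issuer>https://idp.example.org/saml</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:AuthnStatement AuthnInstant="2024-01-01T10:00:00Z" SessionIndex="_s1">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:example:first-relying-party">
      <saml:AttributeValue>https://sp1.example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def describe_authentication(assertion_xml):
    """Return who authenticated the subject, how, and any attributes carried."""
    root = ET.fromstring(assertion_xml)
    # The Issuer is the party that authenticated the user; refuse to guess if absent.
    issuer = (root.findtext("saml:Issuer", default="", namespaces=NS) or "").strip()
    if not issuer:
        raise ValueError("assertion has no Issuer")
    statements = []
    for st in root.findall("saml:AuthnStatement", NS):
        statements.append({
            "authn_instant": st.get("AuthnInstant"),
            "class_ref": st.findtext(
                "saml:AuthnContext/saml:AuthnContextClassRef", namespaces=NS),
        })
    # Anything beyond "who and how" (e.g. the first relying party) travels as attributes.
    attributes = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attributes[attr.get("Name")] = [
            v.text for v in attr.findall("saml:AttributeValue", NS)]
    return {"authenticated_by": issuer,
            "authn_statements": statements,
            "attributes": attributes}

if __name__ == "__main__":
    print(describe_authentication(SAMPLE))
```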

