OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [Issue] Authentication Strength

In writing up the Authentication Method issue, I decided to propose an
additional issue Authentication Strength, as DS-7-03.  (There has to be some
advantage to being the editor.) Since this issue has not previously appeared
on email, I am including it here for the archive.

SAML has identified a requirement to indicate that a negative AuthZ decision
might be changed if a "stronger" means of AuthN was used. In support of this
it is useful to introduce the concept of AuthN strength. AuthN strength is
an element containing an integer representing strength of AuthN, where a
larger number is considered stronger. Individual deployments could assign
numbers to particular AuthN methods according to their policies. This would
allow an AuthZ policy to state that the required AuthN must exceed some

Possible Resolutions:

1.	Add an AuthN strength element.
2.	Do not add an AuthN strength element.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC