OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [security-services] FW: [security-bindings] Multiple authn assertions in one Browser Artifact Profile exchange?

Maybe this has been answered in some downstream discussion
but my point was the following:

If I claim:

 P and Q and R 

and you believe my claims, then you are
free to accept any of the following:


P and Q

Q and R

... (in other words, the conventional meaning of conjunction).

As I understand core-2*, a set of assertions is viewed
as a conjunction and an RP can root around and pick out those
pieces it is interested in (as in the demonstration above).

Disjunction has a completely different meaning. If I claim:

P or Q or R

well, then you are stuck with this statement - accepting
its validity carries no implication for the validity of
its constitutents. 

- prateek

>>> Generally speaking the RP's attitude should be to find
>>> the information it requires amongst the plurality of
>>> information and make its judgement. If there are multiple
>>> AuthN statements, well, it can pick out the pieces
>>> it needs and render its decision.
>>This seems to me to be saying the opposite of the above.
>>Stephen Farrell         				   
>>Baltimore Technologies,   tel: (direct line) +353 1 881 6716
>>39 Parkgate Street,                     fax: +353 1 881 7000
>>Dublin 8.                mailto:stephen.farrell@baltimore.ie
>>Ireland                             http://www.baltimore.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC