
Subject: RE: [security-services] Authentication Methods - Proposed changes to core-29


Title: Authentication Methods - Proposed changes to core-29
Proposed complete text:
 

Subject Confirmation Methods are defined in the SAML Profile or Profiles in which they are used [SAMLBind]. Additional methods may be added by defining new profiles or by private agreement.

The following identifiers refer to SAML specified Authentication methods. Where Base64 encoding is specified the data is encoded as specified by [RFC 2045].

1.1.1. Password (Pass-Through):

URI: urn:oasis:names:tc:SAML:1.0:am:password

The authentication was performed by means of a password.

1.1.2. Kerberos

URI: urn:ietf:rfc:1510

<SubjectConfirmationData>: A Kerberos Ticket

The authentication was performed by means of the Kerberos protocol [RFC 1510], an instantiation of the Needham-Schroeder symmetric key authentication mechanism [Needham78].

1.1.3. SSL/TLS Certificate Based Client Authentication:

URI: urn:ietf:rfc:2246

The authentication was performed using either the SSL or TLS protocol with certificate based client authentication. TLS is described in [RFC 2246].

1.1.4. X.509 Public Key

URI: urn:oasis:names:tc:SAML:1.0:am:X509-PKI

The authentication was performed by some (unspecified) mechanism on a key authenticated by means of an X.509 PKI. It may have been one of the mechanisms for which a more specific identifier has been defined below.

1.1.5. PGP Public Key

URI: urn:oasis:names:tc:SAML:1.0:am:PGP

The authentication was performed by some (unspecified) mechanism on a key authenticated by means of a PGP web of trust. It may have been one of the mechanisms for which a more specific identifier has been defined below.

1.1.6. SPKI Public Key

URI: urn:oasis:names:tc:SAML:1.0:am:SPKI

The authentication was performed by some (unspecified) mechanism on a key authenticated by means of a SPKI PKI. It may have been one of the mechanisms for which a more specific identifier has been defined below.

1.1.7. XKMS Public Key

URI: urn:oasis:names:tc:SAML:1.0:am:XKMS

The authentication was performed by some (unspecified) mechanism on a key authenticated by means of an XKMS trust service. It may have been one of the mechanisms for which a more specific identifier has been defined below.

1.1.8. XML Digital Signature

URI: urn:ietf:rfc:3075

The authentication was performed by means of an XML digital signature [RFC 3075].
-----Original Message-----
From: Hallam-Baker, Phillip [mailto:pbaker@verisign.com]
Sent: Wednesday, April 03, 2002 4:08 PM
To: 'Hal Lockhart'; 'Philpott, Robert'; security-services@lists.oasis-open.org
Subject: RE: [security-services] Authentication Methods - Proposed changes to core-29

A couple of other comments:
 
1) The authentication was performed by means of a password.
    rather than using which the grammar checker complains at
 
2) We should have an XKMS method in here since people are much more likely to use that with SAML than PGP or SPKI
 

7.1.5 XKMS Public Key

URI: urn:oasis:names:tc:SAML:1.0:am:XKMS

The authentication was performed by some (unspecified) mechanism on a public key obtained using XKMS. It may have been one of the mechanisms for which a more specific identifier has been defined below.

        Phill

