
security-services message



Subject: Re: [security-services] Groups - authentication-context.pdf uploaded


Reid, Irving wrote:
> 
> The way I look at it, the new Authn Context proposal is a workaround for the
> fact that we chose too restrictive a schema for the "authentication method"
> field in SAML 1.0.

correct.

> It's not being used to attest to the strength of the _assertion_; it's being
> used, in the context of a profile or set of terms-of-service agreed to by
> the asserting and relying parties, to convey more details about how the
> asserting party authenticated the subject.

correct.

> Said profile or terms-of-service can define a specific schema for the
> Authentication Context, and a concept of "strength of authentication" based
> on instances of that schema.

correct, /but/ we try very hard to not have a notion of "strength" in the spec 
itself, because "strength of authn is in the eye of the relying party (aka 
beholder)".

So, in the context of a trust circle or whatever you want to call it, there may
be agreed-upon notions of "quality of authn", and particular expressions of
said quality expressed via authn context components.

JeffH










