[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Groups - authentication-context.pdf uploaded
Reid, Irving wrote: > > The way I look at it, the new Authn Context proposal is a workaround for the > fact that we chose too restrictive a schema for the "authentication method" > field in SAML 1.0. correct. > It's not being used to attest to the strength of the _assertion_; it's being > used, in the context of a profile or set of terms-of-service agreed to by > the asserting and relying parties, to convey more details about how the > asserting party authenticated the subject. correct. > Said profile or terms-of-service can define a specific schema for the > Authentication Context, and a concept of "strength of authentication" based > on instances of that schema. correct, /but/ we try very hard to not have a notion of "strength" in the spec itself, because "strength of authn is in the eye of the relying party (aka beholder)". So, in the context of a trust circle or whatever you want to call it, there may be agreed-upon notions of "quality of authn", and particular expressions of said quality expressed via authn context components. JeffH
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]