OASIS Mailing List Archives

security-services message


Subject: RE: [security-services] Groups - authentication-context.pdf uploaded

So why can't we extend the authentication method schema instead?

-----Original Message-----
From: Jeff Hodges [mailto:Jeff.Hodges@Sun.COM]
Sent: Tuesday, October 14, 2003 2:52 PM
To: security-services@lists.oasis-open.org
Subject: Re: [security-services] Groups - authentication-context.pdf

Reid, Irving wrote:
> The way I look at it, the new Authn Context proposal is a workaround for the
> fact that we chose too restrictive a schema for the "authentication method"
> field in SAML 1.0.


> It's not being used to attest to the strength of the _assertion_; it's being
> used, in the context of a profile or set of terms-of-service agreed to by
> the asserting and relying parties, to convey more details about how the
> asserting party authenticated the subject.


> Said profile or terms-of-service can define a specific schema for the
> Authentication Context, and a concept of "strength of authentication" based
> on instances of that schema.

correct, /but/ we try very hard to not have a notion of "strength" in the spec 
itself, because "strength of authn is in the eye of the relying party (aka 

So, in the context of a trust circle or whatever you want to call it, there may
be agreed-upon notions of "quality of authn", and particular expressions of
said quality expressed via authn context components.

