security-services message



Subject: RE: [security-services] Groups - authentication-context.pdf uploaded


Hi,

Thanks for your comments.

It seems that you think that the people who decided that they need to define the
authentication context either didn't understand what SAML 1.0 provided, or they
had some business requirements you don't agree on.

Many of the SAML 1.0/1.1 developers have been involved in the creation and
development of Authentication context, so I think they knew what was needed.

Regarding the business requirements, life has taught me that customers tend to
know what they need and want......

Whether Liberty Authentication Context spec is usable in SAML 2.0, I trust that folks
within this TC will make the right decisions as to what functionality is needed and
what is the right technical solution to deliver that functionality. That decision might
not include the use of Liberty authentication context spec even if similar functionality
is required.

-Timo

On Tue, 2003-12-09 at 06:34, ext Anthony Nadalin wrote:


>This enables SP to make the right business decision and execute the
>transaction properly.

I would say that this use case would be covered by an attribute assertion
and no need for a context. The context should just be an attribute
assertion(s).

>No it's not, it has been explicitly designed so that it can be
>separated....  It's addressing real business needs of a number of
>customers.
>The example above is just one of the many business use cases related to
>authentication context.

As I say above this should be looked at in the SAML context not the Liberty
context and let's look at using attributes and not pull in Liberty
infrastructure for the sake of it.

>Strength of an assertion is subjective and a business decision,
>authentication context simply allows one to request a certain
>authentication mechanism and then to be informed what mechanism was
>actually used. Any other semantics are related to the business model
>used within a specific transaction.

What value is this if there are interoperability issues with the
interpretation since it's subjective to the application? The application
should just use existing SAML infrastructure (attributes).


Anthony Nadalin | work 512.436.9568 | cell 512.289.4122

