[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] AI #88 - AuthnContext clarification
> When embedded in metadata (and it could be done through any of the three > mechanisms you identity below) the authentication context would be a logical > boast by the IDP along the lines of 'I can do this'. When embedded within a > particular assertion, its 'I did this'. But am I correct that the metadata schema in ID-FF doesn't include this? Or did I just overlook it? > Actually, some classes are more specific. For instance the Password class > requires that the password be 3 characters or greater. Ah, I missed that, thanks. > Additionally, context classes, although lablelled by their authentication > mechanisms, do specify information beyond that listed in SAML's > AuthenticationMethod. Yes, but what I meant by that comment was that in general a SAML Auth Method seems to just say "this is a broad label for the kind of stuff we did" and that seems to match what the classes say, kind of. Maybe it's a stretch. > I think of the class ref as a ahorthand for the actual context statement, if > both are included the IDP is saying 'here are the details if you're > interested, if not, here is the reader's digest version. Except that the class ref is a fixed URI that won't vary based on the actual statement's contents, right? So it's not really a condensed version but more like a signal that the statement itself is condensed from the full syntax possible. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]