OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Authentication Method

As Tim and I complete the Kerberos Solution profiles doc - ready for the
16th - we have come across an issue we would like to raise - in order to get
some feedback.

Kerberos currently - as far as the authentication method is concerned - is
identified by:   URI: urn:ietf:rfc:1510.

However as a number of you may be aware Kerberos supports a number of
authentication techniques, including PKI/X.509, username/pw, and hardware
tokens.  We believe this should be identified in the assertion.  Hence we
would like to have a set of AuthenticationMethods defined.  For instance:

	URI: urn:ietf:rfc:1510   and
	URI: urn:oasis:names:tc:SAML:1.0:am:password

This requirement is not unique to Kerberos - but to any multi-factor
authentication system

Currently the schema permits only a single AuthenticationMethod attribute



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]