[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Authentication Method
I think this is a job for the new (Liberty derived) AuthenticationContext. You can add arbitrary details about the issuance policy, strength of token, etc. - irving - > -----Original Message----- > From: John Hughes [mailto:john.hughes@entegrity.com] > Sent: March 12, 2004 04:05 > To: security-services@lists.oasis-open.org > Subject: [security-services] Authentication Method > > > As Tim and I complete the Kerberos Solution profiles doc - > ready for the 16th - we have come across an issue we would > like to raise - in order to get some feedback. > > > Kerberos currently - as far as the authentication method is > concerned - is > identified by: URI: urn:ietf:rfc:1510. > > However as a number of you may be aware Kerberos supports a > number of authentication techniques, including PKI/X.509, > username/pw, and hardware tokens. We believe this should be > identified in the assertion. Hence we would like to have a > set of AuthenticationMethods defined. For instance: > > URI: urn:ietf:rfc:1510 and > URI: urn:oasis:names:tc:SAML:1.0:am:password > > > This requirement is not unique to Kerberos - but to any > multi-factor authentication system > > Currently the schema permits only a single > AuthenticationMethod attribute > > > > Thoughts? > > > John > > > > > > > > > > To unsubscribe from this mailing list (and be removed from > the roster of the OASIS TC), go to > http://www.oasis-open.org/apps/org/workgroup/security-services /members/leave_workgroup.php.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]