Subject: RE: [security-services] RE: AuthenticationMethod / NameIdentifier and Kerberos authentication
> I think the problem here is that I am considering the bigger
> picture outside of the browser WebSSO profile and you are
> considering the specifics of the WebSSO profile and how this
> might, or might not reference Kerberos authentication. Is
> this roughly correct?

Yes, I'm at least saying that the context of use matters. I wasn't making a blanket statement.

> If so, I can now see that in the context of the WebSSO
> profile in SAML 2.0 having a Kerberos client on a web server
> to validate userid/password could be considered as the same
> as any other password validation method installed on the web
> server and I guess this is your point - hence you are
> suggesting if this is the case the assertion should not use
> the Kerberos AuthMethod name format, but some other
> representation of the principal? If so, what are you
> suggesting is used instead?

No, I'm not saying anything about how to represent the principal's name. That's totally orthogonal to this issue. The Kerberos name format has nothing to do with how the principal has authenticated at a given point in time, I'm sorry if that's been misunderstood. We have never said anything about requiring specific forms of authentication in order to "allow" the use of a given Format.

I'm talking only about the AuthenticationMethod defined in SAML 1.1 that says urn:ietf:rfc:1510 or whatever it was.

To use another example, we have a Format for X.500 names, but nobody ever said that to use it you have to authenticate with X.509 certs or an LDAP bind. Or even stretching further, DCE cells can be named globally, and you could argue that a DCE principal in such a cell could be named either in Kerberos format or in X.500 format, as required in an application.

-- Scott