[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] RE: AuthenticationMethod / NameIdentifier and Kerberos authentication
Scott,
No, I'm not saying anything about how to represent the principal's name.
That's totally orthogonal to this issue. The Kerberos name format has
nothing to do with how the principal has authenticated at a given point in
time, I'm sorry if that's been misunderstood. We have never said anything
about requiring specific forms of authentication in order to "allow" the use
of a given Format.
I'm talking only about the AuthenticationMethod defined in SAML 1.1 that
says urn:ietf:rfc:1510 or whatever it was.
Tim> ok, I think I made a typing mistake in my email that you are commenting on. I didn't mean to refer to "AuthMethod Name format", but just "AuthenticationMethod". So, it is appears to me that you are suggesting we don't represent an assertion using AuthenticationMethod of urn:ietf:rfc:1510 because you don't consider this method of using Kerberos as actual Kerberos authentication, but simply another way to check password ? Is this correct ?
So, once again - sorry to bring up the NameIdentifier format by mistake and confuse this discussion - we are not discussing this, only the AuthenticationMethod and when it should or should not say Kerberos was used for authentication. Agreed ?
Thanks, Tim.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]