
security-services message



Subject: RE: [security-services] RE: AuthenticationMethod / NameIdentifier and Kerberos authentication



Scott,

When the IESG complete their review of Kerberos clarifications the Kerberos 5 protocol will be assigned a new RFC number, so using 1510 is not good moving forward? Maybe we can support both :1510 and :Kerberos in SAML 2.0 for backwards compatibility?

Tim.

-----Original Message-----
From: Scott Cantor [mailto:cantor.2@osu.edu]
Sent: 14 April 2004 17:51
To: 'Tim Alsop'
Cc: security-services@lists.oasis-open.org
Subject: RE: [security-services] RE: AuthenticationMethod / NameIdentifier and Kerberos authentication

> We are in agreement that AuthenticationMethod should be used
> to represent a Kerberos based authentication using the
> following syntax :
>
>                 AuthenticationMethod="urn:ietf:rfc:Kerberos"
>                 and NOT :
>                 AuthenticationMethod="urn:ietf:rfc:1510"

I think that's fine, though the 1510 version is already in SAML 1.1, so I
guess we should consider whether it's worth changing.

> And, we have agreed that the pre-auth type is more
> appropriately represented in a context statement in the
> assertion and NOT as part of the AuthenticationMethod statement ?

Yes, I think the sense is that we're going to be able to dump Method and
move it into a set of context class URIs, that would keep the URIs the same,
if we want. Or if we change them, then it's moot, I guess. And context
classes are not the best way to capture preauth, given the potential
variability, so using actual AuthnContext statements and making sure the
SAML schema for that can capture this information is the real work item.

> I think this summarises the discussion so far ? I don't think

I think so.

-- Scott


