OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] RE: AuthenticationMethod / NameIdentifier and Kerberos authentication


I am working on the AuthnContext, and the mapping of SAML authentication 
methods to either the AC schema itself, or where possible, appropriate 
authentication context classes. I am working on a new draft of the 
document, and believe it will deal with your concerns as we've discussed 
in this thread.


- JohnK

ext Tim Alsop wrote:

> Yes, I think the sense is that we're going to be able to dump Method and
> move it into a set of context class URIs, that would keep the URIs the 
> same,
> if we want. Or if we change them, then it's moot, I guess. And context
> classes are not the best way to capture preauth, given the potential
> variability, so using actual AuthnContext statements and making sure the
> SAML schema for that can capture this information is the real work item.
> Tim> So, can I assume that AuthnContext has been, or will be specified 
> to support Kerberos pre-auth ? I guess I am just making sure that this 
> work item is currently owned by somebody ?

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]