OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [security-services] RE: AuthenticationMethod / NameIdentifier and Kerberos authentication


Title: RE: [security-services] RE: AuthenticationMethod / NameIdentifier and Kerberos authentication

John,

Ok, thanks. I look forward to reviewing this when available. I will keep a look out ...

Regards, Tim.

-----Original Message-----
From: John Kemp [mailto:john.kemp@nokia.com]
Sent: 14 April 2004 18:20
To: ext Tim Alsop
Cc: Scott Cantor; security-services@lists.oasis-open.org
Subject: Re: [security-services] RE: AuthenticationMethod / NameIdentifier and Kerberos authentication

Tim,

I am working on the AuthnContext, and the mapping of SAML authentication
methods to either the AC schema itself, or where possible, appropriate
authentication context classes. I am working on a new draft of the
document, and believe it will deal with your concerns as we've discussed
in this thread.

Cheers,

- JohnK

ext Tim Alsop wrote:

> Yes, I think the sense is that we're going to be able to dump Method and
> move it into a set of context class URIs, that would keep the URIs the
> same,
> if we want. Or if we change them, then it's moot, I guess. And context
> classes are not the best way to capture preauth, given the potential
> variability, so using actual AuthnContext statements and making sure the
> SAML schema for that can capture this information is the real work item.
>
> Tim> So, can I assume that AuthnContext has been, or will be specified
> to support Kerberos pre-auth ? I guess I am just making sure that this
> work item is currently owned by somebody ?
>



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]