Subject: RE: [security-services] RE: AuthenticationMethod / NameIdentifier and Kerberos authentication
John,

When I open the document named sstc-saml-authn-context-2.0-draft-04a-diff.pdf the first page shows:

Working Draft 03, 19 February 2004
Document identifier: draft-sstc-authn-context-v1.0-03.doc

Is this the latest version? Is it possible that the pdf version of this document is wrong?

Thanks, Tim.

-----Original Message-----
From: John Kemp [mailto:john.kemp@nokia.com]
Sent: 26 May 2004 05:02
To: Tim Alsop
Cc: Scott Cantor; security-services@lists.oasis-open.org; Tim Alsop
Subject: Re: [security-services] RE: AuthenticationMethod / NameIdentifier and Kerberos authentication

Tim,

I believe 4a contains a Kerberos authentication context class. I don't assert that it's all complete, but I do think there's a Kerberos authentication context class schema in there (page 52 of the PDF I think).

I think I also added an "ExternalVerification" attribute to the PasswordType which allows you to say that a password is "externally verified" via Kerberos, which covers the other case that was discussed.

Both of these things are in the current 04a-diff draft.

- JohnK

ext Tim Alsop wrote:

>John,
>
>In the latest AuthnContext draft (04a) I don't see any reference to this discussion, so can I assume you haven't been able to document your solution yet, or did I miss something?
>
>Regards, Tim.
>
>-----Original Message-----
>From: Tim Alsop
>Sent: 14 April 2004 18:12
>To: John Kemp; Tim Alsop
>Cc: Scott Cantor; security-services@lists.oasis-open.org
>Subject: RE: [security-services] RE: AuthenticationMethod / NameIdentifier and Kerberos authentication
>
>John,
>
>Ok, thanks. I look forward to reviewing this when available. I will keep a look out ...
>
>Regards, Tim.
>
>-----Original Message-----
>From: John Kemp [mailto:john.kemp@nokia.com]
>Sent: 14 April 2004 18:20
>To: ext Tim Alsop
>Cc: Scott Cantor; security-services@lists.oasis-open.org
>Subject: Re: [security-services] RE: AuthenticationMethod / NameIdentifier and Kerberos authentication
>
>Tim,
>
>I am working on the AuthnContext, and the mapping of SAML authentication methods to either the AC schema itself, or where possible, appropriate authentication context classes. I am working on a new draft of the document, and believe it will deal with your concerns as we've discussed in this thread.
>
>Cheers,
>
>- JohnK
>
>ext Tim Alsop wrote:
>
>>Yes, I think the sense is that we're going to be able to dump Method and move it into a set of context class URIs, that would keep the URIs the same, if we want. Or if we change them, then it's moot, I guess. And context classes are not the best way to capture preauth, given the potential variability, so using actual AuthnContext statements and making sure the SAML schema for that can capture this information is the real work item.
>>
>>Tim> So, can I assume that AuthnContext has been, or will be specified to support Kerberos pre-auth? I guess I am just making sure that this work item is currently owned by somebody?