[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] RE: AuthenticationMethod / NameIdentifier and Kerberos authentication
Paul/John, So, is this the latest version of the document with an incorrect header, or an old version with wrong filename ? Tim. -----Original Message----- From: Paul Madsen [mailto:p.madsen@entrust.com] Sent: 26 May 2004 20:14 To: Tim Alsop; John Kemp Cc: security-services@lists.oasis-open.org; Tim Alsop Subject: RE: [security-services] RE: AuthenticationMethod / NameIdentifier and Kerberos authentication Tim, I believe John is off line at Liberty meetings but I believe you are correct that there is a mismatch between the document header, it doesn't accurately reflect the actual doc version. John, if you are online, apologies for jumping in. Paul >-----Original Message----- >From: Tim Alsop [mailto:Tim.Alsop@CyberSafe.Ltd.UK] >Sent: Wednesday, May 26, 2004 3:08 PM >To: John Kemp >Cc: Scott Cantor; security-services@lists.oasis-open.org; Tim Alsop >Subject: RE: [security-services] RE: AuthenticationMethod / >NameIdentifier and Kerberos authentication > > >John, > >When I open the document named >sstc-saml-authn-context-2.0-draft-04a-diff.pdf the first page shows : > >Working Draft 03, 19 February 2004 >Document identifier: >draft-sstc-authn-context-v1.0-03.doc > >Is this the latest version ? Is it possible that the pdf >version of this >document is wrong ? > >Thanks, Tim. > >-----Original Message----- >From: John Kemp [mailto:john.kemp@nokia.com] >Sent: 26 May 2004 05:02 >To: Tim Alsop >Cc: Scott Cantor; security-services@lists.oasis-open.org; Tim Alsop >Subject: Re: [security-services] RE: AuthenticationMethod / >NameIdentifier and Kerberos authentication > >Tim, > >I believe 4a contains a Kerberos authentication context class. I don't >assert that it's all complete, but I do think there's a Kerberos >authentication context class schema in there (page 52 of the PDF I >think) > >I think I also added a "ExternalVerification" attribute to the >PasswordType which allows you to say that a password is "externally >verified" via Kerberos, which covers the other case that was discussed. > >Both of these things are in the current 04a-diff draft. > >- JohnK > >ext Tim Alsop wrote: > >>John, >> >>In the latest AuthnContext draft (04a) I don't see any reference to >this >>discussion, so can I assume you haven't been able to document your >>solution yet, or did I miss something? >> >>Regards, Tim. >> >>-----Original Message----- >>From: Tim Alsop >>Sent: 14 April 2004 18:12 >>To: John Kemp; Tim Alsop >>Cc: Scott Cantor; security-services@lists.oasis-open.org >>Subject: RE: [security-services] RE: AuthenticationMethod / >>NameIdentifier and Kerberos authentication >> >>John, >> >>Ok, thanks. I look forward to reviewing this when available. I will >keep >>a look out ... >> >>Regards, Tim. >> >>-----Original Message----- >>From: John Kemp [mailto:john.kemp@nokia.com] >>Sent: 14 April 2004 18:20 >>To: ext Tim Alsop >>Cc: Scott Cantor; security-services@lists.oasis-open.org >>Subject: Re: [security-services] RE: AuthenticationMethod / >>NameIdentifier and Kerberos authentication >> >>Tim, >> >>I am working on the AuthnContext, and the mapping of SAML >authentication >> >>methods to either the AC schema itself, or where possible, >appropriate >>authentication context classes. I am working on a new draft of the >>document, and believe it will deal with your concerns as we've >discussed >> >>in this thread. >> >>Cheers, >> >>- JohnK >> >>ext Tim Alsop wrote: >> >> >> >>>Yes, I think the sense is that we're going to be able to dump Method >>> >>> >>and >> >> >>>move it into a set of context class URIs, that would keep >the URIs the >>> >>> >> >> >> >>>same, >>>if we want. Or if we change them, then it's moot, I guess. >And context >>>classes are not the best way to capture preauth, given the potential >>>variability, so using actual AuthnContext statements and making sure >>> >>> >>the >> >> >>>SAML schema for that can capture this information is the real work >>> >>> >>item. >> >> >>>Tim> So, can I assume that AuthnContext has been, or will be >specified >>> >>> >> >> >> >>>to support Kerberos pre-auth ? I guess I am just making sure >that this >>> >>> >> >> >> >>>work item is currently owned by somebody ? >>> >>> >>> >> >> >> > > > > >To unsubscribe from this mailing list (and be removed from the >roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/security-services/members/l eave _workgroup.php.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]