[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] RE: AuthenticationMethod / NameIdentifier and Kerberos authentication
Looking at old email (below) on the subject of Kerberos preauth methods - the 'real work item' is mentioned, but the suggested solution (from AuthnContext draft 04a) is not clear to me. Tim. -----Original Message----- From: Tim Alsop Sent: 14 April 2004 17:46 To: Scott Cantor; Tim Alsop Cc: email@example.com Subject: RE: [security-services] RE: AuthenticationMethod / NameIdentifier and Kerberos authentication Yes, I think the sense is that we're going to be able to dump Method and move it into a set of context class URIs, that would keep the URIs the same, if we want. Or if we change them, then it's moot, I guess. And context classes are not the best way to capture preauth, given the potential variability, so using actual AuthnContext statements and making sure the SAML schema for that can capture this information is the real work item. Tim> So, can I assume that AuthnContext has been, or will be specified to support Kerberos pre-auth ? I guess I am just making sure that this work item is currently owned by somebody ? Cheers, Tim.