OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: AuthnContext comparison clarifications

Fulfilling an action item, here is a suggested clarification we might want
to make to core section

Conor noted that contexts are not necessarily a fully ordered set, so we
might note this to aid in the interpretation of the comparison types, such
as the following after line 1819:

"Note that while the references are evaluated in order, they do not
necessarily (or even typically) constitute an ordered set relative to each
other for comparison purposes. References can be to distinct classes that do
not relate to each other directly in terms of "strength". Therefore, the
following comparison rules are meant to be applied individually to each
input reference. Satisfying a particular comparison with respect to a
*single* input reference is sufficient to satisfy the request."

I believe this rule (satisfying a single input) applies across all of the
comparison options and is the intent behind the text. It also seems to
provide a straightforward algorithm to use in each case by just requiring
that each input be fed into the comparison operation one at a time until one
is satisfied, and you never have to keep going once you do.

-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]