OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] RequestedAuthnContext exact comparison

I believe the intent was that it should be an exact match.

I suppose we could have defined an 'equivalent' operator for matches within an equivalence class. Given what we have, you could eithe a) use 'exact' but include all equivalent classes as possibilities, or b) use 'minimum' and potentially accept a higher class.

-Greg

On Feb 24, 2006, at 8:22 AM, Thomas Wisniewski wrote:

In the following authn request:
 
<RequestedAuthtnContext Comparison="exact">
  <AuthnContextClassRef>
    urn:oaosis:names:TC:SAML:2.0:ac:classes:Password
  <AuthnContextClassRef>
 
does "exact match" specified in Core line 1821 imply an exact literal match against the requested authn context class?  Or is implementation dependent, i.e., if another authn context class, say un:oaosis:names:TC:SAML:2.0:ac:classes:InternetProtocolPassword, was "consider to be at the same level/strength by both parties", would this satisfy the exact request?
 
Thanks, Tom.

Thomas Wisniewski
Software Architect
Phone: (201) 891-0524
Cell: (201) 248-3668
 
Entrust̉
Securing Digital Identities
& Information

 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]