OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] RequestedAuthnContext exact comparison

Title: Message
Greg, that  sounds reasonable.
Please let me know if anyone objects.
-----Original Message-----
From: Greg Whitehead [mailto:greg.whitehead@hp.com]
Sent: Friday, February 24, 2006 9:58 AM
To: Thomas Wisniewski
Cc: security-services@lists.oasis-open.org
Subject: Re: [security-services] RequestedAuthnContext exact comparison

I believe the intent was that it should be an exact match.

I suppose we could have defined an 'equivalent' operator for matches within an equivalence class. Given what we have, you could eithe a) use 'exact' but include all equivalent classes as possibilities, or b) use 'minimum' and potentially accept a higher class.


On Feb 24, 2006, at 8:22 AM, Thomas Wisniewski wrote:

In the following authn request:
<RequestedAuthtnContext Comparison="exact">
does "exact match" specified in Core line 1821 imply an exact literal match against the requested authn context class?  Or is implementation dependent, i.e., if another authn context class, say un:oaosis:names:TC:SAML:2.0:ac:classes:InternetProtocolPassword, was "consider to be at the same level/strength by both parties", would this satisfy the exact request?
Thanks, Tom.

Thomas Wisniewski
Software Architect
Phone: (201) 891-0524
Cell: (201) 248-3668
Securing Digital Identities
& Information


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]