
security-services message


Subject: Groups - Shared Credential Use Case Discussion (draft-saml-shared-credential-discussion-02.pdf) uploaded

This revision of the Shared Credential Use Case discussion doc reflects TC
feedback. The previously proposed SwitchUser extension is deprecated in
favour of a solution based on Authentication Context, specifically
introducing 1) a protocol extension, 2) an AC extension, and 3) two new AC

 -- Paul Madsen

The document named Shared Credential Use Case Discussion
(draft-saml-shared-credential-discussion-02.pdf) has been submitted by Paul
Madsen to the OASIS Security Services (SAML) TC document repository.

Document Description:
An IDP will be unable to assert to an SP a particular identity for a user
if that user authenticates to the IDP using a credential known to be shared
with other users. If the credential by which a user authenticates does not
uniquely identify them (e.g. a phone at home, access to a workstation,
PPPoE authentication, etc.) then the IDP will be unable to assert anything
beyond the fact that the user was one of the set of individuals that shared
that credential. An SP may deem such an assertion as insufficient for
enabling access to resources associated with a particular individual
identity and so may request of the IDP an assertion characterized by a
credential unique to that individual.

-OASIS Open Administration
