OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Possible resolution to AI 282, AuthnContextDecl andAuthnContextDeclRef Confusion

After revisiting this issue, I don't think that any changes to the text in
SAML Core (or other specs) is warranted.

I think there is a need, somewhere, to offer some guidance regarding
interoperability issues, particularly in the case where the AuthnRequest
does not contain a RequestedAuthnContext.  However, I am somewhat at a loss
to identify the appropriate location.  If the proper location were to be
found, the text to be inserted there would be something like:

"Note that interoperability may depend on out-of-band negotiation between
identity providers and service providers regarding acceptable Authentication
Context declarations or references.  This may be especially true in cases
where the <saml:AuthnRequest> issued by a service provider does not contain
a <saml:RequestedAuthnContext> element."

Eric  Tiffany             |  eric@projectliberty.org
Interop Tech  Lead        |  +1 413-458-3743
Liberty Alliance          |  +1 413-627-1778 mobile

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]