[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: LOA profile
In Eric's first draft [1], he listed some open questions/possibilities. 1) representing the 4 NIST LoA as AuthenticationContextDeclarations rather than class schemas 2) adding conformance clauses stipulating for each level the allowed bindings, necessary protection mechanisms etc Personally, I don't favour either proposal (not that Eric was actually proposing them). #1 would break with the class model as it stands, and #2 would duplicate the stipulations NIST itself makes. Other thoughts? Unless I hear objections, I'll proceed with a second draft with the above removed. paul [1] - http://www.oasis-open.org/apps/org/workgroup/security/download.php/28706/sstc-saml-loa-authncontext-profile-draft-01.pdf |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]