
security-services message



Subject: Re: [security-services] SAML enhancement proposal for attribute assurance


Identity assurance frameworks (such as the ones by InCommon or NIST) usually have a part about registration and identity proofing which focusses on the question of how the identity provider verifies the identity of its users in the first place. They are usually quite focussed on attributes that you find on your ID card. I don't think they cover attributes such as a credit card number, email address or whether a person is a student, in particular as these attributes are subject to change after the initial registration took place.

I think it would be good to have different verification profiles, where in-person proofing could be one out of several. For example, one could have

1) In-Person-Proofing for attributes such as name, address, age, gender
2) Back channel Verification as usually done for emails (verification email sent) or bank accounts (1 cent transactions) or telephone numbers (calling or sending text message), postal address, etc
3) Issuer controls the information, as for example for emails (if the IP has its own mail server) or membership assertions (isStudent)
4) etc


-- ivonne


On Sep 30, 2010, at 10:57 PM, Paul Madsen wrote:

For verification of the statement (integrity & origin), SAML already provides mechanisms

For the attributes within the statement, any or all of

1) mechanisms by which the values were verified
2) claim as to how much confidence an RP might ascribe to the values
3) measure of probability the attribute values are incorrect
4) etc

I'm wondering if folks know of ongoing work on any of the list above

and no, not necessarily 'human-centric'

paul

On 30/09/2010 4:41 PM, Anthony Nadalin wrote:

So verification of the statement or verification of the content of the statement? And are you limiting statements to be about humans?

 

From: Paul Madsen [mailto:paulmadsen@rogers.com]
Sent: Thursday, September 30, 2010 10:21 AM
To: oasis sstc
Subject: Re: [security-services] SAML enhancement proposal for attribute assurance

 

Separate from how to express in a SAML statement, does anybody know of current activity defining different criteria for verification?

paul

On 29/09/2010 8:29 AM, Ivonne Thomas wrote:

Dear Committee members,
 
My name is Ivonne Thomas from Hasso-Plattner-Institute. 
I am submitting a proposal that suggests enhancements to SAML for attribute assurance.
 
I kindly request your feedback on this approach and would be happy to discuss this proposal in one of the upcoming SSTC Conference Calls.
 
Best regards,
Ivonne Thomas
 
 
____________________________
Ivonne Thomas, MSc
 
PhD Student, Forschungskolleg "Service-oriented Systems Engineering"
Fachbereich Internettechnologien und -systeme  (Prof. Dr. Christoph Meinel)
 
Tel: +49 (0) 331 5509-528
 
Hasso-Plattner-Institut für Softwaresystemtechnik GmbH
Prof.-Dr.-Helmert-Str. 2-3
D-14482 Potsdam 
 
Amtsgericht Potsdam, HRB 12184
Geschäftsführung: Prof. Dr. Christoph Meinel
 
Design IT. Create knowledge.
____________________________
 
 