OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [security-services] Question on SAML V2.0 Identity AssuranceProfiles ,Version 1.0

On 7/15/11 1:40 PM, "David Chadwick" <d.w.chadwick@kent.ac.uk> wrote:
>We have built a system which requires the LOA to be split into two
>components, the registration LOA and the authentication/login LOA.
>I's like to know if you have envisaged your CD to be used to represent

No, it's explicitly not allowable because the binding here is to
AuthenticationContext classes, which are singular in assertions without
getting into some edge cases.

>So could I for example send this in the IDP's metadata

No, because that's illegal syntactically. You can have multiple values,
but they're in parallel, not linked.

>Similarly we want to be able to send this dynamically in a SAML
>assertion. I presume it would be admissable there as well?


-- Scott

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]