[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [security-services] Question on SAML V2.0 Identity AssuranceProfiles ,Version 1.0
On 7/15/11 3:22 PM, "David Chadwick" <d.w.chadwick@kent.ac.uk> wrote: >I suggest you need to update your CS spec if you want to explicitly rule >this out because your current text does not. In fact it appears to be >general enough to allow for any assurance criteria which users wish to >specify (which I would have thought is a good thing). It does allow for any criteria, but in the form of one identifier, because what you're asking to do was already possible with the original AuthnContext feature. People didn't want it. > Additionally > >a) your schema allows multiple value and What schema? >b) your text implies it by stating " Multiple >values MAY be present." It is regrettably misleading, but it meant that multiple AttributeValue elements are possible, but each one is itself one URI. >Furthermore, whilst an AuthenticationContext might be singular wrt a >uri, its semantics can be anything. So all this means is that we need to >define a set of n*m URIs rather than n+m URIs. Inconvenient but not a >show stopper. That is correct, and precisely the point. Pressures will come to bear on anybody trying to complicate things by going back to the sort of combinatorics that were already possible in the original AuthnContext work. That didn't fly with people. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]