security-services message


Subject: Potential error in AuthContext spec?


Oops – meant to send this to the main SSTC list

 

I realize that very few folks actually create any instance documents for AuthenticationContextClasses (i.e. everyone just refers to existing AC class URIs, right?), but we’re looking at defining some additional classes, and in the process of doing that, we ran across this issue.

 

Cheers.

From: Philpott, Robert [mailto:robert.philpott@rsa.com]
Sent: Wednesday, June 12, 2013 1:46 PM
To: saml-dev@lists.oasis-open.org
Subject: [saml-dev] Potential error in AuthContext spec?

 

WOW… it’s been a long time since I felt comfortable down in the bowels of the AuthnContext spec (oh wait… I never felt comfortable there :-) ).

 

We have a use case where someone is attempting to create an instance document for the class TimeSyncToken and it appears there is an error in the spec.

 

The TimeSyncToken schema defines the AuthnMethodBaseType to be a restriction of AuthnMethodBaseType where PrincipalAuthenticationMethod is optional and Authenticator is required.

 

However, the Token element is in the PrincipalAuthenticationMechanismType, not in the AuthenticatorSequenceGroup and thus it can’t be part of the Authenticator element.

 

So we’re stumped as to how to create a TimeSyncToken authenticator.

 

Are we missing something?

 

Rob Philpott | Senior Technologist | RSA, the Security Division of EMC

eMail: robert.philpott@rsa.com | Office: 781.515.7115 | Mobile: 617.510.0893

 
