Subject: Potential error in AuthContext spec?
Oops – meant to send this to the main SSTC list
I realize that very few folks actually create any instance documents for AuthenticationContextClasses (i.e. everyone just refers to existing AC class URIs, right?), but we’re looking at defining some additional classes and in the process of doing that, we ran across this issue.
WOW… it’s been a long time since I felt comfortable down in the bowels of the AuthnContext spec (oh wait… I never felt comfortable there :-) ).
We have a use case where someone is attempting to create an instance document for the class TimeSyncToken and it appears there is an error in the spec.
The TimeSyncToken schema defines the AuthnMethodBaseType to be a restriction of AuthnMethodBaseType where PrincipalAuthenticationMethod is optional and Authenticator is required.
However, the Token element is in the PrincipalAuthenticationMechanismType, not in the AuthenticatorSequenceGroup and thus it can’t be part of the Authenticator element.
So we’re stumped as to how to create a TimeSyncToken authenticator.
Are we missing something?
Rob Philpott | Senior Technologist | RSA, the Security Division of EMC
eMail: email@example.com | Office: 781.515.7115 | Mobile: 617.510.0893