[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [security-services] ISSUE: core-27: Should AuthenticationMethods andConfirmationMethods be listed in the same subsection?
This ISSUE msg is related to ISSUE:[DS-1-10: SubjectConfirmation Descriptions] (line 1253 of saml-issues-08, and in this msg.. New Issue: SubjectConfirmation descriptions http://lists.oasis-open.org/archives/security-services/200201/msg00247.html It is also related to this proposal by Hal for prose describing the differences between AuthenticationMethod and ConfirmationMethod.. Proposed text: Authentication Method vs. SubjectConfirmation Met hod http://lists.oasis-open.org/archives/security-services/200202/msg00046.html ) -- ISSUE: core-27: Should AuthenticationMethods and ConfirmationMethods be listed in the same subsection? core-27 states for both AuthenticationMethod (lines 673-674) and ConfirmationMethod (lines 647-648) that.. "URIs identifying common authentication protocols are listed in Section 7." ..and we have (line 1550) "7.1. Confirmation Method Identifiers" containing a list of ostensible authentication protocols -- but *are they* ?? For example, "sender vouches" is a confirmation method invented in the SAML context and is not a well-known authentication method/mechanism. The same is true for "SAML Artifact". It may be reasonable to keep all these items together in one list if each item is explicitly identified whether it is an AuthenticationMethod, a ConfirmationMethod, or both. Otherwise, we should have separte lists. JeffH
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC