Jim,

> I note that this document focuses on the AttributeStatement exclusively.
> While I don't see any need to have AuthzDecisionStatements to be exposed, is
> there going to be a desire to expose the contents of AuthenStatements -
> Authentication statements?

I agree. Section 5.2 should be generalised to deal with SAML statements in general.

> Doing so would allow for an IdP to advertise to the server exactly what EAP
> method was used in authenticating the client.

I don't think there's a SAML Authentication Context defined for EAP, let alone the multitude of methods. However, like you say, it might actually be useful to define one. Perhaps a composite value consisting of the EAP type plus one of the existing SAML Authentication Contexts to signal the type of credential?

Josh.

JANET(UK) is a trading name of The JNT Association, a company limited by guarantee which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG

abfab mailing list
https://www.ietf.org/mailman/listinfo/abfab
