As Matt pointed out, I think it is important to distinguish Proofing LOA from Authentication LOA. We can (and probably should) communicate attributes of both aspects of LOA in detail to at least some clients. However, for creating simple clients, it would be helpful for the server to precompute a name/number LOA (which could be a combination of Proofing LOA and Authentication LOA) and hand that to the client. So, basically, I agree. :-) Do you mind if I make changes to the spec wiki page to capture some of these concepts?
-Nathan On 8/13/12 7:12 AM, "jleleu" <lel...@gmail.com> wrote: >Hi Matt, > >Thanks for your feedback. > >I agree with you on LOA definition but CAS is not dealing with >registration process but authentication procces, so LOA I talked about >must be seen as a LOAA : Level Of Assurance in Authentication. > >I still believe a numeric value is appropriate for it, as levels of >assurance can also be given multiple names. So I imagine we can have >(just to give you a silly example) : LOA4 (value = 30, >names="NIST_Level2", "IAP_Bronze"). I think of numeric value as internal >LOA for CAS server and names as public standards references. > >I'm not sure to understand if you find something wrong in the spec and if >so, what do you want to change and how ? I expect discussions on this >thread to be *also* more concrete and more focused on concepts and spec >parts. > >About the two options you propose and your recommendation (#2), I think I >agree with you and the spec should be more precise on responses to client. >I present LOA as *requested* from client or by CAS server definition and >not as *computed* to be returned to client. Proofing and authentication >attributes should be returned to client (and certainly *effective* LOA >also). > >Best regards, >Jérôme > >-- >You are currently subscribed to cas-dev@lists.jasig.org as: >nathan.k...@cru.org >To unsubscribe, change settings or access archives, see >http://www.ja-sig.org/wiki/display/JSG/cas-dev -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
