We have a use case for providing a Level of Assurance attribute in the
CAS response.  The ideal way to do this would be a
LevelOfAssuranceMetaDataPopulator that would examine the Credentials
object and then add an LOA attribute to Authentication#getAttributes().
The data in the Authentication object, including LOA value, could then
be made available to CAS clients at service ticket validation time.

The problem with this approach is that SAML 1.1 does not appear flexible
enough to support _arbitrary_ attributes in the AuthenticationStatement
section.  You have AuthenticationMethod and nothing more.  SAML 2, on
the other hand, appears capable of accommodating arbitrary
authentication meta data.
http://www.oasis-open.org/committees/download.php/28706/sstc-saml-loa-authncontext-profile-draft-01.pdf
appears to be a possible emerging standard for this use case using SAML 2.

Is SAML 2 under consideration for CAS 4?  It would be beneficial if CAS
4 could accommodate use cases such as this via some means.

Regards,
Marvin Addison
Middleware Services
Virginia Tech

_______________________________________________
cas-dev mailing list
cas-dev@tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas-dev
