On 10/25/2011 08:56 PM, Fitch, Scott C wrote:
> Is it necessary to require levels of assurance in the Basic Policy
> requirements? I definitely think it's appropriate for Advanced Policies. But
> I wonder whether including levels of assurance in Basic Policies will impede
> adoption.
>
> Also, the fact that there are multiple LOA frameworks out there makes it
> difficult to meet the requirement to NOT require a priori bilateral
> agreements between the sender and recipient for Basic Policies. If the sender
> and recipient use different LOA scales, then some type of prior agreement
> must be in place to map the two scales. I don't think plasma wants to get
> into the business of creating a standard LOA mapping for interoperability.

Supporting multiple LOA frameworks is partly a technical issue and partly a
policy issue. The technical issue is that we need a way to communicate LOA
per transaction. In SAML WebSSO there are technical controls
(AuthenticationContext) for communicating LOA [1].

[1] http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-assurance-profile.html

Cheers Leif
