Re: [KAML] Reminder: BOF proposals to me by October 1

"Tom Scavo" <trscavo@gmail.com> Tue, 25 September 2007 21:53 UTC

On 9/25/07, Leif Johansson <leifj@it.su.se> wrote:
> Paul Rabinovich wrote:
> >
> >       IMO it's preferable to keep the LoA piece under the Kerberos WG
> > rather than under the KAML WG since - in the short-term - out-of-the-box
> > SAML 2.0 seems not to be able to help with LoA. Whatever we design, however,
> >
> I think you are wrong. There are at least two ways to model LoA
> using SAML - using an AC class or using an attribute.

That's correct.  If you decide to use AuthnContext, that means the
Kerberos-bound SAML assertion would contain an AuthnStatement.  On the
other hand, an Attribute would require an AttributeStatement.
(Personally, I think AuthnContext is the way to go for LoA, but the
jury's still out on that issue.)

Tom
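
The two modelings named in this reply, side by side, as an added example that is not part of the original message: a relying-party helper that reads an LoA from either an AuthnStatement or an AttributeStatement. The `urn:example:...` identifiers and both sample assertions are constructed for illustration; signature and condition checks, which must pass before either value is trusted, are not shown.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Hypothetical identifiers (assumptions; neither the thread nor SAML 2.0 defines them).
LOA_CLASS_PREFIX = "urn:example:loa:"        # AuthnContext class URI, e.g. urn:example:loa:2
LOA_ATTR_NAME = "urn:example:attribute:loa"  # attribute Name carrying the LoA

# Constructed sample: LoA modeled as an AuthnContext class (needs an AuthnStatement).
ASSERTION_AC = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2007-09-25T21:53:00Z">
  <saml:AuthnStatement AuthnInstant="2007-09-25T21:52:35Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:example:loa:2</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
</saml:Assertion>"""

# Constructed sample: LoA modeled as an attribute (needs an AttributeStatement).
ASSERTION_ATTR = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a2" Version="2.0" IssueInstant="2007-09-25T21:53:00Z">
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:example:attribute:loa">
      <saml:AttributeValue>3</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def _level(text):
    """Parse a strictly numeric level; anything else is treated as absent."""
    return int(text) if re.fullmatch(r"[0-9]+", text) else None

def extract_loa(xml_text):
    """Return (source, level) for the LoA carried by an assertion, or None."""
    root = ET.fromstring(xml_text)
    path = "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef"
    for ref in root.findall(path, NS):
        value = (ref.text or "").strip()
        if value.startswith(LOA_CLASS_PREFIX):
            level = _level(value[len(LOA_CLASS_PREFIX):])
            if level is not None:
                return ("AuthnContext", level)
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == LOA_ATTR_NAME:
            val = attr.find("saml:AttributeValue", NS)
            level = _level((val.text or "").strip()) if val is not None else None
            if level is not None:
                return ("Attribute", level)
    return None  # no LoA asserted: the caller should fail closed
```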
