RE: [KAML] Reminder: BOF proposals to me by October 1
"Josh Howlett" <Josh.Howlett@ja.net> Fri, 16 November 2007 22:55 UTC
Date: Fri, 16 Nov 2007 22:54:46 -0000
Message-ID: <6ED388AA006C454BA35B0098396B9BFB02E4CA80@uxsrvr20.atlas.ukerna.ac.uk>
In-Reply-To: <ea2af9bd0711160910u70ebb515m35de79fdad8ff606@mail.gmail.com>
References: <ea2af9bd0709251452y114ee29bs91fcfb6f490e6ffc@mail.gmail.com> <6ED388AA006C454BA35B0098396B9BFB02E4C7D9@uxsrvr20.atlas.ukerna.ac.uk> <ea2af9bd0711160910u70ebb515m35de79fdad8ff606@mail.gmail.com>
From: Josh Howlett <Josh.Howlett@ja.net>
To: Tom Scavo <trscavo@gmail.com>
Cc: Josh Howlett <Josh.Howlett@ja.net>, kaml@ietf.org, Paul Rabinovich <Paul.Rabinovich@exostar.com>
List-Id: Discussions about SAML and Kerberos intersections <kaml.ietf.org>
List-Archive: <http://www1.ietf.org/pipermail/kaml>

> > > That's correct. If you decide to use AuthnContext, that means the
> > > Kerberos-bound SAML assertion would contain an AuthnStatement. On
> > > the other hand, an Attribute would require an AttributeStatement.
> > > (Personally, I think AuthnContext is the way to go for LoA, but the
> > > jury's still out on that issue.)
> >
> > I don't think that it's desirable to prescribe either (1) what
> > constitutes an appropriate token for LoA or (2) that a token needs to
> > be bound directly to the ticket. The former *should* be a matter for
> > local policy, and the latter is not necessary.
>
> With regard to (1), I think you're missing the point, Josh.
> How the LoA is carried in the SAML assertion is a technical
> detail, not a matter of policy.

My point was that if the <LoA token> can be acquired post hoc, then the
Relying Party can decide for itself what the necessary token(s) are,
rather than relying on the TGS to choose what it believes is appropriate.
The fire-and-forget approach does not provide room for agility.

I believe that what constitutes an appropriate <LoA token> depends on
what the Relying Party in question feels is necessary to satisfy their
policy, and so binding these semantics arbitrarily to the transport
protocol seems unnecessarily restrictive. Let them choose! AuthN
context, attribute or moon phase....

josh.

JANET(UK) is a trading name of The JNT Association, a company limited by
guarantee which is registered in England under No. 2881024 and whose
Registered Office is at Lumen House, Library Avenue, Harwell Science and
Innovation Campus, Didcot, Oxfordshire. OX11 0SG
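The two carriers the thread argues over, an AuthnContextClassRef inside an AuthnStatement versus an Attribute inside an AttributeStatement, and the "let the Relying Party choose" position, are easiest to see as code at the RP. The following is an added example, not code from the KAML thread, from JANET(UK), or from any SAML implementation: the RP extracts the LoA from whichever carrier it is configured to trust and applies its own policy, and how the assertion arrived (bound to the Kerberos ticket or fetched post hoc) is orthogonal to that evaluation. The `urn:example:loa:N` class-reference vocabulary and the `urn:example:attribute:loa` attribute name are hypothetical, the sample assertions are constructed, and the code assumes the assertion's XML signature was already verified before it gets here.

```python
"""Relying-Party-side LoA evaluation over a SAML 2.0 assertion.

Added example, not code from the KAML thread or any project. The RP reads
the level of assurance (LoA) from whichever carrier the assertion uses:
an AuthnContextClassRef inside an AuthnStatement, or an Attribute inside
an AttributeStatement. Local policy decides which carriers count.

Assumptions (hypothetical): the urn:example:loa:N class-reference
vocabulary, the urn:example:attribute:loa attribute name, and that the
assertion's signature was verified before it reaches this code.
"""
from typing import List, Optional
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical LoA vocabulary, ranked so that a higher number is stronger.
LOA_RANK = {"urn:example:loa:1": 1, "urn:example:loa:2": 2, "urn:example:loa:3": 3}
LOA_ATTRIBUTE_NAME = "urn:example:attribute:loa"  # hypothetical attribute name


def loa_from_authn_context(assertion: ET.Element) -> Optional[int]:
    """Carrier 1: AuthnStatement/AuthnContext/AuthnContextClassRef."""
    ref = assertion.find(
        "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", SAML_NS)
    if ref is None or not ref.text:
        return None
    return LOA_RANK.get(ref.text.strip())  # unknown URI -> None, never a guess


def loa_from_attribute(assertion: ET.Element) -> Optional[int]:
    """Carrier 2: AttributeStatement/Attribute[@Name=LOA_ATTRIBUTE_NAME]."""
    levels: List[int] = []
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", SAML_NS):
        if attr.get("Name") != LOA_ATTRIBUTE_NAME:
            continue
        for value in attr.findall("saml:AttributeValue", SAML_NS):
            rank = LOA_RANK.get((value.text or "").strip())
            if rank is not None:
                levels.append(rank)
    # Several values are ambiguous; the conservative reading is the lowest.
    return min(levels) if levels else None


def effective_loa(assertion: ET.Element, accept_authn_context: bool = True,
                  accept_attribute: bool = True) -> Optional[int]:
    """Apply the RP's local policy: which carriers it trusts, and how to
    reconcile them when both are present (again, the lowest wins)."""
    found: List[int] = []
    if accept_authn_context:
        rank = loa_from_authn_context(assertion)
        if rank is not None:
            found.append(rank)
    if accept_attribute:
        rank = loa_from_attribute(assertion)
        if rank is not None:
            found.append(rank)
    return min(found) if found else None


def authorize(assertion_xml: str, required_loa: int, **policy) -> bool:
    """Parse the assertion and decide; a missing or unrecognised LoA denies.
    ET.fromstring is adequate for the constructed samples below. Assertions
    from the network should go through a hardened parser (e.g. defusedxml)
    and XML signature verification before any statement is trusted."""
    root = ET.fromstring(assertion_xml)
    loa = effective_loa(root, **policy)
    return loa is not None and loa >= required_loa


# Constructed sample assertions (minimal; not real IdP output).
_HEAD = ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
         'ID="_x" Version="2.0" IssueInstant="2007-11-16T22:54:46Z">'
         '<saml:Issuer>https://idp.example.org</saml:Issuer>'
         '<saml:Subject><saml:NameID>alice@EXAMPLE.ORG</saml:NameID></saml:Subject>')
_AUTHN = ('<saml:AuthnStatement AuthnInstant="2007-11-16T22:54:00Z"><saml:AuthnContext>'
          '<saml:AuthnContextClassRef>{}</saml:AuthnContextClassRef>'
          '</saml:AuthnContext></saml:AuthnStatement>')
_ATTR = ('<saml:AttributeStatement><saml:Attribute Name="urn:example:attribute:loa">'
         '<saml:AttributeValue>{}</saml:AttributeValue></saml:Attribute>'
         '</saml:AttributeStatement>')
_TAIL = '</saml:Assertion>'

AUTHN_CONTEXT_ASSERTION = _HEAD + _AUTHN.format("urn:example:loa:2") + _TAIL
ATTRIBUTE_ASSERTION = _HEAD + _ATTR.format("urn:example:loa:3") + _TAIL
# Both carriers present and disagreeing: the RP takes the lower (1).
MIXED_ASSERTION = (_HEAD + _AUTHN.format("urn:example:loa:1")
                   + _ATTR.format("urn:example:loa:3") + _TAIL)

if __name__ == "__main__":
    print(authorize(AUTHN_CONTEXT_ASSERTION, 2))                          # True
    print(authorize(ATTRIBUTE_ASSERTION, 3))                              # True
    print(authorize(ATTRIBUTE_ASSERTION, 3, accept_attribute=False))      # False
    print(authorize(MIXED_ASSERTION, 2))                                  # False
```

The policy knobs are the point: an RP that only trusts AuthnContext sets `accept_attribute=False` and an attribute-only assertion is denied outright rather than mapped to some default level, and when both carriers are present and disagree the RP takes the weaker claim. Whether the assertion was carried in the ticket or fetched afterwards does not change any of this evaluation, which is why the carrier choice can be left to local policy.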