[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Was a smartcard used to get the ticket?
Henry B. Hotz wrote:
> On Aug 9, 2007, at 2:02 PM, Leif Johansson wrote:
>> Henry B. Hotz wrote:
>>> Wish I had been able to listen in to the IETF discussion. The meeting
>>> notes are a bit skimpy.
>> One mechanism that was discussed was to use SAML authentication
>> contexts to
>> communicate information about how the authentication was done. Would
>> carry enough information to solve the problem for you?
>> Cheers Leif
> Most likely. OTOH I can't have the KDC waiting on an external SAML
> engine to provide the extra bit of authZ info before issuing a ticket.
No SAML would only be used to transport the information in a standard way,
no external entity (eg an IdP) would be involved besides the KDC.