[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Was a smartcard used to get the ticket?

Henry B. Hotz wrote:
> On Aug 9, 2007, at 2:02 PM, Leif Johansson wrote:
>> Henry B. Hotz wrote:
>> <snip>
>>> Wish I had been able to listen in to the IETF discussion.  The meeting
>>> notes are a bit skimpy.
>> One mechanism that was discussed was to use SAML authentication
>> contexts to
>> communicate information about how the authentication was done. Would
>> that
>> carry enough information to solve the problem for you?
>>     Cheers Leif
> Most likely.  OTOH I can't have the KDC waiting on an external SAML
> engine to provide the extra bit of authZ info before issuing a ticket.
No SAML would only be used to transport the information in a standard way,
no external entity (eg an IdP) would be involved besides the KDC.

    Cheers Leif