[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Was a smartcard used to get the ticket?



Henry B. Hotz wrote:
>
> On Aug 9, 2007, at 2:02 PM, Leif Johansson wrote:
>
>> Henry B. Hotz wrote:
>>
>> <snip>
>>
>>> Wish I had been able to listen in to the IETF discussion.  The meeting
>>> notes are a bit skimpy.
>>>
>>
>> One mechanism that was discussed was to use SAML authentication
>> contexts to
>> communicate information about how the authentication was done. Would
>> that
>> carry enough information to solve the problem for you?
>>
>>     Cheers Leif
>
> Most likely.  OTOH I can't have the KDC waiting on an external SAML
> engine to provide the extra bit of authZ info before issuing a ticket.
No SAML would only be used to transport the information in a standard way,
no external entity (eg an IdP) would be involved besides the KDC.

    Cheers Leif