[cas-dev] Authentication Attributes and SAML

Scott Battaglia scott.battaglia at gmail.com
Thu Jan 8 15:55:17 EST 2009


SAML2 will be used in CAS4.  It's coming up on the list of things to
implement (only a few items ahead of it).

-Scott

-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia


On Wed, Jan 7, 2009 at 1:11 PM, Marvin S. Addison
<marvin.addison at gmail.com> wrote:

> We have a use case for providing a Level of Assurance attribute in the
> CAS response.  The ideal way to do this would be a
> LevelOfAssuranceMetaDataPopulator that would examine the Credentials
> object and then add an LOA attribute to Authentication#getAttributes().
> The data in the Authentication object, including LOA value, could then
> be made available to CAS clients at service ticket validation time.
>
> The problem with this approach is that SAML 1.1 does not appear flexible
> enough to support _arbitrary_ attributes in the AuthenticationStatement
> section.  You have AuthenticationMethod and nothing more.  SAML 2, on
> the other hand, appears capable of accommodating arbitrary
> authentication meta data.
>
> http://www.oasis-open.org/committees/download.php/28706/sstc-saml-loa-authncontext-profile-draft-01.pdf
> appears to be a possible emerging standard for this use case using SAML 2.
>
> Is SAML 2 under consideration for CAS 4?  It would be beneficial if CAS
> 4 could accommodate use cases such as this via some means.
>
> Regards,
> Marvin Addison
> Middleware Services
> Virginia Tech
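A sketch of the populator proposed in the quoted message, added here as an example and not code from the thread or from CAS. `Credentials` and `Authentication` are stand-in interfaces with assumed shapes, and the attribute name, credential classes and level numbers are constructed for illustration.

```java
import java.util.HashMap;
import java.util.Map;

public class LoaPopulatorExample {
    // Stand-ins for the CAS types named in the message (assumed shapes).
    interface Credentials {}
    interface Authentication { Map<String, Object> getAttributes(); }

    // Constructed credential types for the demonstration.
    static final class PasswordCredentials implements Credentials {}
    static final class CertificateCredentials implements Credentials {}
    static final class UnmappedCredentials implements Credentials {}

    static final class SimpleAuthentication implements Authentication {
        private final Map<String, Object> attributes = new HashMap<>();
        public Map<String, Object> getAttributes() { return attributes; }
    }

    static final class LevelOfAssuranceMetaDataPopulator {
        static final String LOA_ATTRIBUTE = "levelOfAssurance"; // hypothetical name
        private final Map<Class<? extends Credentials>, Integer> levels;
        private final int lowestLevel;

        LevelOfAssuranceMetaDataPopulator(
                Map<Class<? extends Credentials>, Integer> levels, int lowestLevel) {
            this.levels = new HashMap<>(levels); // defensive copy
            this.lowestLevel = lowestLevel;
        }

        // Examines the Credentials object and records an LOA attribute.
        // Lookup is by exact class, so a subclass never inherits a higher
        // level, and unmapped credential types get the lowest level.
        Authentication populateAttributes(Authentication authn, Credentials creds) {
            Integer level = levels.get(creds.getClass());
            authn.getAttributes().put(LOA_ATTRIBUTE, level != null ? level : lowestLevel);
            return authn;
        }
    }

    public static void main(String[] args) {
        Map<Class<? extends Credentials>, Integer> levels = new HashMap<>();
        levels.put(PasswordCredentials.class, 2);    // constructed values
        levels.put(CertificateCredentials.class, 3);
        LevelOfAssuranceMetaDataPopulator p = new LevelOfAssuranceMetaDataPopulator(levels, 1);
        Credentials[] samples = { new PasswordCredentials(),
                new CertificateCredentials(), new UnmappedCredentials() };
        for (Credentials c : samples) {
            Authentication a = p.populateAttributes(new SimpleAuthentication(), c);
            System.out.println(c.getClass().getSimpleName() + " -> " + a.getAttributes());
        }
    }
}
```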