Closed Razumain closed 4 years ago
The first item shouldn't be any problem. Regarding storing the SAD payload in the AuthnContext element (not extension): do you mean that we should introduce an extension for SAD and place it under AuthnContext instead of using the sad-attribute?
No. The Assertion is fine as it is. This is about placing the sad payload in the certificate as extra evidence that the SAP process was implemented. The RFC 7773 allows multiple payloads to be stored that provide info about the auth context:
AuthenticationContexts ::= SEQUENCE SIZE (1..MAX) OF AuthenticationContext
AuthenticationContext ::= SEQUENCE { contextType UTF8String, contextInfo UTF8String OPTIONAL }
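The structure quoted above, as an added example that is not part of the original thread: a hand-rolled DER round-trip of an `AuthenticationContexts` value carrying two entries, which is what lets a second payload sit beside the existing one. The function names, context type URIs and payload strings are constructed placeholders, and the reader checks tags and lengths only; it does not enforce every DER rule.

```python
SEQUENCE, UTF8STRING = 0x30, 0x0C  # DER tags (added example, not code from the thread)

def tlv(tag, value):
    n = len(value)
    if n < 0x80:  # short-form length
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")  # long-form length
    return bytes([tag, 0x80 | len(size)]) + size + value

def encode_contexts(contexts):  # contexts: list of (contextType, contextInfo or None)
    if not contexts:
        raise ValueError("SIZE (1..MAX): at least one AuthenticationContext required")
    items = b""
    for ctype, cinfo in contexts:
        body = tlv(UTF8STRING, ctype.encode("utf-8"))
        if cinfo is not None:  # contextInfo is OPTIONAL
            body += tlv(UTF8STRING, cinfo.encode("utf-8"))
        items += tlv(SEQUENCE, body)
    return tlv(SEQUENCE, items)

def read_tlv(buf, pos, tag):  # returns (value, next_pos)
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"bad tag or truncated input at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        if (n := length & 0x7F) == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("length runs past end of buffer")
    return buf[pos:pos + length], pos + length

def decode_contexts(der):
    outer, end = read_tlv(der, 0, SEQUENCE)
    if end != len(der) or not outer:
        raise ValueError("trailing bytes or empty AuthenticationContexts")
    result, pos = [], 0
    while pos < len(outer):
        item, pos = read_tlv(outer, pos, SEQUENCE)
        fields, p = [], 0
        while p < len(item):
            value, p = read_tlv(item, p, UTF8STRING)
            fields.append(value.decode("utf-8"))
        if len(fields) not in (1, 2):
            raise ValueError("expected contextType and optional contextInfo")
        result.append((fields[0], fields[1] if len(fields) == 2 else None))
    return result
# Constructed sample: placeholder context types and payloads, not real identifiers.
SAMPLE = [("urn:example:saci", "<constructed XML>"), ("urn:example:sad", "<constructed SAD>")]
```

A relying party that validates such certificates should select entries by `contextType` and ignore types it does not recognise, since the sequence may hold more than one.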
Can you elaborate on the purpose and justification of the proposals?
Hälsningar/Regards/Grüße, Anders Törnqvist, Comfact AB +46 (0)768 15 98 10
From: Stefan Santesson notifications@github.com
Sent: 16 October 2018 14:51
To: swedenconnect/technical-framework technical-framework@noreply.github.com
Cc: Subscribed subscribed@noreply.github.com
Subject: [swedenconnect/technical-framework] Update signing specifications (#69)
Two new proposals to store transaction related evidence in signing certificates.
@Razumain By introducing the <sacex:ExtAuthInfo> element to be used in the <saci:AuthContextInfo> we can store any attribute there - both transactionID and SAD...
Two new proposals to store transaction related evidence in signing certificates.
Store transaction identifier as subject attribute: 1.2.752.201.3.2 with a mapping to the SAML attribute in AuthContext extension
Store the SAD payload in the AuthnContext extension