AuthenticationContextDeclaration
A particular assertion on an identity provider's part with respect to the authentication context associated with an authentication assertion.
Element information
Namespace: None
Schema document: saml-2.0-os/saml-schema-authn-context-types-2.0.xsd
Type: AuthnContextDeclarationBaseType
Properties: Global, Qualified
Content
- Sequence [1..1]
  - Identification [0..1] Refers to those characteristics that describe the processes and mechanisms the Authentication Authority uses to initially create an association between a Principal and the identity (or name) by which the Principal will be known.
  - TechnicalProtection [0..1] Refers to those characteristics that describe how the 'secret' (the knowledge or possession of which allows the Principal to authenticate to the Authentication Authority) is kept secure.
  - OperationalProtection [0..1] Refers to those characteristics that describe procedural security controls employed by the Authentication Authority.
  - AuthnMethod [0..1] Refers to those characteristics that define the mechanisms by which the Principal authenticates to the Authentication Authority.
  - GoverningAgreements [0..1] Provides a mechanism for linking to external (likely human-readable) documents in which additional business agreements (e.g. liability constraints, obligations, etc.) can be placed.
  - Extension [0..*]
Attributes
Name | Occ | Type | Description | Notes |
---|---|---|---|---|
ID | [0..1] | xsd:ID | | |
Sample instance
<AuthenticationContextDeclaration ID="ID">
  <Identification>
    <PhysicalVerification/>
    <WrittenConsent>
      <Extension> <!--any element--> </Extension>
    </WrittenConsent>
    <GoverningAgreements>
      <GoverningAgreementRef governingAgreementRef="http://www.example.com/"/>
    </GoverningAgreements>
    <Extension> <!--any element--> </Extension>
  </Identification>
  <TechnicalProtection>
    <PrivateKeyProtection>
      <KeyActivation>... </KeyActivation>
      <KeyStorage medium="memory"/>
      <KeySharing sharing="true"/>
      <Extension> <!--any element--> </Extension>
    </PrivateKeyProtection>
    <Extension> <!--any element--> </Extension>
  </TechnicalProtection>
  <OperationalProtection>
    <SecurityAudit>
      <SwitchAudit>... </SwitchAudit>
      <Extension> <!--any element--> </Extension>
    </SecurityAudit>
    <DeactivationCallCenter>
      <Extension> <!--any element--> </Extension>
    </DeactivationCallCenter>
    <Extension> <!--any element--> </Extension>
  </OperationalProtection>
  <AuthnMethod>
    <PrincipalAuthenticationMechanism>
      <Password>... </Password>
      <RestrictedPassword>... </RestrictedPassword>
      <Token>... </Token>
      <Smartcard>... </Smartcard>
      <ActivationPin>... </ActivationPin>
      <Extension> <!--any element--> </Extension>
    </PrincipalAuthenticationMechanism>
    <Authenticator>
      <PreviousSession>... </PreviousSession>
      <PreviousSession>... </PreviousSession>
      <ResumeSession>... </ResumeSession>
      <DigSig>... </DigSig>
      <Password>... </Password>
      <RestrictedPassword>... </RestrictedPassword>
      <ZeroKnowledge>... </ZeroKnowledge>
      <SharedSecretChallengeResponse>... </SharedSecretChallengeResponse>
      <SharedSecretDynamicPlaintext>... </SharedSecretDynamicPlaintext>
      <IPAddress>... </IPAddress>
      <AsymmetricDecryption>... </AsymmetricDecryption>
      <AsymmetricKeyAgreement>... </AsymmetricKeyAgreement>
      <SubscriberLineNumber>... </SubscriberLineNumber>
      <UserSuffix>... </UserSuffix>
      <Extension> <!--any element--> </Extension>
    </Authenticator>
    <AuthenticatorTransportProtocol>
      <HTTP>... </HTTP>
      <Extension> <!--any element--> </Extension>
    </AuthenticatorTransportProtocol>
    <Extension> <!--any element--> </Extension>
  </AuthnMethod>
  <GoverningAgreements>
    <GoverningAgreementRef governingAgreementRef="http://www.example.com/"/>
  </GoverningAgreements>
  <Extension> <!--any element--> </Extension>
</AuthenticationContextDeclaration>
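
A relying party that receives a declaration can check its top-level children against the content model listed under Content (order of the sequence and the occurrence bounds) before reading any of the nested claims. The following is an added example, not part of the schema documentation; the function name `check_declaration` and the `GOOD` and `BAD` documents are constructed for illustration, and only the top level is checked, with no namespace, as stated on this page.

```python
import xml.etree.ElementTree as ET

# Content model from this page: (name, max occurrences); None means unbounded.
# All members are optional, so only order and upper bounds need checking.
SEQUENCE = [
    ("Identification", 1),
    ("TechnicalProtection", 1),
    ("OperationalProtection", 1),
    ("AuthnMethod", 1),
    ("GoverningAgreements", 1),
    ("Extension", None),
]

def check_declaration(xml_text):
    """Return a list of content-model violations; an empty list means conforming."""
    # For input from an untrusted party, parse with a hardened XML parser instead.
    root = ET.fromstring(xml_text)
    if root.tag != "AuthenticationContextDeclaration":
        return [f"unexpected root element {root.tag!r}"]
    position = {name: i for i, (name, _) in enumerate(SEQUENCE)}
    counts = dict.fromkeys(position, 0)
    errors, last = [], -1
    for child in root:  # comments are dropped by the default parser
        if child.tag not in position:
            errors.append(f"{child.tag}: not allowed here")
            continue
        idx = position[child.tag]
        if idx < last:
            errors.append(f"{child.tag}: out of sequence order")
        last = max(last, idx)
        counts[child.tag] += 1
    for name, max_occ in SEQUENCE:
        if max_occ is not None and counts[name] > max_occ:
            errors.append(f"{name}: occurs {counts[name]} times, maximum is {max_occ}")
    return errors

# Constructed sample documents (not taken from any real identity provider).
GOOD = ('<AuthenticationContextDeclaration ID="a1"><Identification/>'
        '<AuthnMethod/><Extension/><Extension/></AuthenticationContextDeclaration>')
BAD = ('<AuthenticationContextDeclaration><AuthnMethod/><Identification/>'
       '<AuthnMethod/><Foo/></AuthenticationContextDeclaration>')

if __name__ == "__main__":
    print(check_declaration(GOOD))
    print(check_declaration(BAD))
```
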