•When the assertion was made.
•Who made the assertion.
•The person (subject) that the assertion is about.
•The conditions (datetime) under which the assertion holds.
•What method was used to authenticate the person, and the datetime that the authentication was done.
•A description of (or reference to) the context in which authentication was done.
–Example of authentication context information: what were
the password-generation
rules that the person had to follow, how are passwords protected, how often do users have to change their
password?
–The next slide discusses how authentication context
information is
created ………………………..