•The variety of information that a service provider might need to assess the quality of an authentication assertion is infinite.
•As a convenience the SAML working group has defined a set of classes that contain a "canned" collection of Authentication Context information.
•Each class is identified by a URN.
•Here's the URN for one class: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
This URN by itself is intended to give some information: "The subject was authenticated through the presentation of a password over a protected session."
Further details may be obtained by requesting (from the Authentication Authority) the XML document corresponding to the URN. (See next slide for an example.)
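An added example, not part of the original slides: one way a service provider could read the class URN out of an assertion and compare it with its own policy. The accepted-class set, the helper names and the sample assertion are assumptions constructed for illustration, and the assertion's signature is assumed to have been verified beforehand.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"

# Assumed service-provider policy (hypothetical): classes strong enough for this service.
ACCEPTED_CLASSES = frozenset({AC + "PasswordProtectedTransport", AC + "X509"})


def sample_assertion(class_ref):
    """Constructed sample: a minimal assertion fragment declaring one class URN."""
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
        '<saml:AuthnStatement AuthnInstant="2024-01-01T00:00:00Z">'
        "<saml:AuthnContext>"
        f"<saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef>"
        "</saml:AuthnContext></saml:AuthnStatement></saml:Assertion>"
    )


def authn_context_classes(assertion_xml):
    """Return every AuthnContextClassRef URN found in the assertion's AuthnStatements."""
    root = ET.fromstring(assertion_xml)
    path = ".//saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef"
    return [(ref.text or "").strip() for ref in root.findall(path, NS)]


def is_acceptable(assertion_xml, accepted=ACCEPTED_CLASSES):
    """Fail closed: reject when no class is declared or any declared class is not accepted."""
    # Assumes the assertion's signature, issuer and validity were already verified.
    classes = authn_context_classes(assertion_xml)
    # URNs are compared as exact strings; a near-miss spelling is treated as unknown.
    return bool(classes) and all(c in accepted for c in classes)


if __name__ == "__main__":
    for name in ("PasswordProtectedTransport", "Password"):
        print(name, is_acceptable(sample_assertion(AC + name)))
```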