Comment: added note wondering if it would be better to do JSON than XML for new CAS protocol response.

...

  • NOT NECESSARILY RELATED TO LOA: user-attributes - contains attributes of the user (principal)
    • attrib - subject to the attribute release policy associated with this service - basically the same as the attributes in the SAML validation response
  • loa-number - the maximum number associated with any of the satisfied levels of assurance
  • levels-satisfied - list of the names of all assurance levels that were satisfied by the user's current session
    • level - the name of the level of assurance
  • MAYBE: auth-handlers - list of all auth handlers that have successfully authenticated for the user's current session (i.e. authentication objects) - note: this might not be needed or desired
    • auth-handler - an individual auth handler; the "name" XML attribute contains the name
      • attrib - each attribute in the authentication object can be listed here. Probably require the deployer to specify which attributes should be released, or maybe include a release policy for registered services similar to that for user attributes
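
How a relying service might consume the fields listed above, as an added example that is not part of the original page or of CAS itself: it parses a constructed response and fails closed when the required assurance is not proven. The `loa-response` wrapper element, the `name` attribute on `attrib`, the sample values and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: wrapper element, "name" on <attrib> and all values are
# assumptions; the page supplies only the element names and auth-handler "name".
SAMPLE = b"""<loa-response>
  <user-attributes><attrib name="mail">alice@example.edu</attrib></user-attributes>
  <loa-number>2</loa-number>
  <levels-satisfied><level>password</level><level>otp</level></levels-satisfied>
  <auth-handlers><auth-handler name="LdapHandler"/></auth-handlers>
</loa-response>"""


class LoaError(Exception):
    """The response cannot prove the assurance the service requires."""


def parse_loa(xml_bytes):
    try:
        text = xml_bytes.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise LoaError("response is not UTF-8") from exc
    # The response needs no DTD; refusing one keeps ElementTree from
    # expanding internal entities declared in untrusted input.
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        raise LoaError("DTD/entity declarations are not accepted")
    try:
        root = ET.fromstring(text)
        loa = int(root.findtext("loa-number", "").strip())
    except (ET.ParseError, ValueError) as exc:
        raise LoaError("missing or malformed loa-number") from exc
    return {
        "loa_number": loa,
        "levels": [e.text.strip() for e in root.iterfind("levels-satisfied/level") if e.text],
        "user_attributes": {a.get("name"): a.text for a in root.iterfind("user-attributes/attrib")},
        "auth_handlers": [h.get("name") for h in root.iterfind("auth-handlers/auth-handler")],
    }


def require_loa(xml_bytes, min_number=None, level=None):
    """Fail closed: return the parsed response only if every demand is met."""
    parsed = parse_loa(xml_bytes)
    if min_number is not None and parsed["loa_number"] < min_number:
        raise LoaError("loa-number below required minimum")
    if level is not None and level not in parsed["levels"]:
        raise LoaError("required level not satisfied")
    return parsed
```
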

Note: Would it be better to use a JSON format validation response for the new CAS protocol response?  Easier to parse, less clumsy, more concise? -Andrew Petro

VI. Use cases

See Example LOA Use Cases