For each, I list:
the name,
the per entity information required to authenticate the subject,
any other information required to authenticate the subject and
any optional, but likely to be needed information.
username/password
hashed password
none
none
Kerberos
none
Kerberos ID including secret key (keytab)
none
SAML/SSO
Id of Trusted IdP
Root certificate or shared secret to verify signature or TLS keys & certificates
none
Open ID
none
Id of Trusted IdP's
Means to authenticate
X.509 PKI
none
Trusted Root Certificates
Certificate and private key to authenticate
Hardware token
none
Access to authentication server, typically with RADIUS
none
-------
I suggest that the category of WS Security Token be dropped from the list. A WSS Token is one of several things, including username, X.509 Certificate, Kerberos Ticket and SAML Assertion. All of these should be covered individually.
Hal