Discussions at IETF79 and on this list have indicated some agreement around the 
following:

 - that the attribute should be scoped explicitly for SAML Request/Response 
messages, rather than SAML constructs in general. I'm not unhappy about this, 
as it makes the attribute's internal format (even) simpler and avoids the need 
for an IANA registry of message types. I've also been unable to find any 
compelling reason why a RADIUS server might want to care about the type of SAML 
construct contained within the attribute, particularly if it's either going to 
be a Request or Response message.

 - the document needs to discuss how the attribute can be used with RADIUS 
transport for exchanges that are not necessarily associated with an EAP 
authentication exchange; for example, to support SAML attribute requests at 
some arbitrary time after authentication; or attribute requests to an attribute 
authority that is not the Identity Provider. (This may turn the document into 
more of a 'binding' specification (in SAML sense), than simply an attribute 
specification, but I'm not sure if that matters or not).

Comments welcome. I hope to crank out an 01 sometime next week.

Josh.


abfab mailing list
https://www.ietf.org/mailman/listinfo/abfab