>>>>> "Josh" == Josh Howlett <[email protected]> writes:
    Josh>  - the document needs to discuss how the attribute can be used
    Josh> with RADIUS transport for exchanges that are not necessarily
    Josh> associated with an EAP authentication exchange; for example,
    Josh> to support SAML attribute requests at some arbitrary time
    Josh> after authentication; 

Sounds good.

    Josh> or attribute requests to an attribute
    Josh> authority that is not the Identity Provider. 

I'm nervous about this for the trust model issues I brought up.
I could see using the same attribute in the cases where the trust model
is going to be the same.
However, I definitely think we want a different attribute if we want
different processing semantics in the RP.

One particularly thorny issue will be what the IDP should do with a
request for an attribute from a different provider that it could satisfy
but not under the trust model the RP was hoping for.

    Josh> (This may turn
    Josh> the document into more of a 'binding' specification (in SAML
    Josh> sense), than simply an attribute specification, but I'm not
    Josh> sure if that matters or not).

I think ending up with a binding is very good.

    Josh> Comments welcome. I hope to crank out an 01 sometime next
    Josh> week.

    Josh> Josh.

    Josh> JANET(UK) is a trading name of The JNT Association, a company
    Josh> limited by guarantee which is registered in England under
    Josh> No. 2881024 and whose Registered Office is at Lumen House,
    Josh> Library Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG

    Josh> _______________________________________________ abfab mailing
    Josh> list [email protected]
    Josh> https://www.ietf.org/mailman/listinfo/abfab
