>>>>> "Josh" == Josh Howlett <[email protected]> writes:
Josh> - the document needs to discuss how the attribute can be used
Josh> with RADIUS transport for exchanges that are not necessarily
Josh> associated with an EAP authentication exchange; for example,
Josh> to support SAML attribute requests at some arbitrary time
Josh> after authentication;

Sounds good.

Josh> or attribute requests to an attribute
Josh> authority that is not the Identity Provider.

I'm nervous about this for the trust model issues I brought up.
I could see using the same attribute in the cases where the trust model
is going to be the same.
However, I definitely think we want a different attribute if we want
different processing semantics in the RP.

One particularly thorny issue will be what the IDP should do with a
request for an attribute from a different provider that it could satisfy
but not under the trust model the RP was hoping for.

Josh> (This may turn
Josh> the document into more of a 'binding' specification (in SAML
Josh> sense), than simply an attribute specification, but I'm not
Josh> sure if that matters or not).

I think ending up with a binding is very good.

Josh> Comments welcome. I hope to crank out an 01 sometime next
Josh> week.
Josh> Josh.
Josh> JANET(UK) is a trading name of The JNT Association, a company
Josh> limited by guarantee which is registered in England under
Josh> No. 2881024 and whose Registered Office is at Lumen House,
Josh> Library Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG
Josh> _______________________________________________ abfab mailing
Josh> list [email protected]
Josh> https://www.ietf.org/mailman/listinfo/abfab