Sam, I think there is a disconnect between the picture and the text. The picture has a field called MT but the text has a field called Construct Type (CT). I believe that these are supposed to be the same fields and are mislabeled.

I am going to show RADIUS ignorance now: I assume there must be a rule that you cannot change the order of attributes in AAA, otherwise just a simple concatenation would not work. Is there a rule or assumption that all of the parts of a fragmented attribute would be contiguous?

I think that for completeness we should be able to have multiple SAML elements present as attributes. This would require either an intervening other element or the ability to distinguish between continued items and first-time items. Should this be done by making four elements rather than just two? Or by length-prefixing the construct field?

What do you think the level of review is that needs to be added for additional elements? Do we need to further refine the range of construct numbers to have private and RFC required numbers?

Please number your TBD values so that I can distinguish between them without having to think.

Is there a reason to label this as being SAML specific rather than just letting it be XML values and letting the construct type identify the type of values?

Would it make sense to create a new CT value for just carrying an SAML assertion which is not part of a request or response? Doing so would allow for one to toss in arbitrary (and hopefully related) items that were not actually asked for.

Jim
