>>>>> "Gabriel" == Gabriel López <[email protected]> writes:
Gabriel> Hi,
Gabriel> What I think is missing in the documents is the SAML
Gabriel> profile for abfab. The architecture document says that
Gabriel> SAML requests may or may not appear as RADIUS attributes in
Gabriel> the request, but it is quite ambiguous. The home AAA server
Gabriel> has to know if a SAML attribute, authentication or
Gabriel> authorization statement should be returned, and it has to
Gabriel> be specified in the RADIUS request. I mean, there should
Gabriel> be in some place, a description of the SAML queries to be
Gabriel> used, statement to be returned and, for example, if they
Gabriel> have to be signed or encrypted. It could also imply a
Gabriel> problem if the assertion is too big to be transported over
Gabriel> the RADIUS message (even if fragmentation occurs).
I agree some of this needs to be specified. In particular, enough needs
to be specified that the RP knows what it can rely on.
I think that draft-ietf-abfab-aaa-saml is probably the right place for
that.
--Sam