> Gabriel> Hi,
>
> Gabriel> What I think is missing in the documents is the SAML
> Gabriel> profile for abfab. The architecture document says that
> Gabriel> SAML requests may or may not appear as RADIUS attributes in
> Gabriel> the request, but it is quite ambiguous. The home AAA server
> Gabriel> has to know if a SAML attribute, authentication or
> Gabriel> authorization statement should be returned, and it has to
> Gabriel> be specified in the RADIUS request. I mean, there should
> Gabriel> be in some place, a description of the SAML queries to be
> Gabriel> used, statement to be returned and, for example, if they
> Gabriel> have to be signed or encrypted. It could also imply a
> Gabriel> problem if the assertion is too big to be transported over
> Gabriel> the radius message (even if fragmentation occurs).
>
>I agree some of this needs to be specified. In particular, enough needs
>to be specified that the RP knows what it can rely on.

+1

>I think that draft-ietf-abfab-aaa-saml is probably the right place for
>that.

I'll update the draft.

Josh.

_______________________________________________
abfab mailing list
https://www.ietf.org/mailman/listinfo/abfab
