>>>>> "Josh" == Josh Howlett <[email protected]> writes:
>> Cantor,> And doing an binding at OASIS is only of interest to me
>> if Cantor,> it's sufficiently generic. I'm not sure yet whether
>> this Cantor,> work is going to be sensibly of use to carry
>> arbitrary SAML Cantor,> protocols. It still feels use case (or
>> profile-) specific Cantor,> to me.
>>
>> I agree. I think we're explicitly making it profile specific.
Josh> I think we ultimately need a profile specific solution for
Josh> Abfab's purposes, and a generic binding that can be applied to
Josh> other domains. The problem is that its all being shoehorned
Josh> into single document. Here's a proposal:
Josh> 1. RADIUS SAML attribute (Abfab): specifies encapsulation of
Josh> SAML messages within RADIUS messages, per 01. 2.
I'm very uncomfortable with a generic binding. I think we have a lot of
good reasons why the RP needs to know the semantics here.
So, I think we need normative references from our specs to the
semantics, and the attribute (or a sub-attribute) needs to be scoped to
those semantics/profile.
So, I'm not very happy with item 1.
Josh> RADIUS SAML
Josh> binding (OASIS): generic application of (1) for the puspose of
Josh> a SAML binding
What do we get out of doing this work in OASIS other than OASIS review?
Can you contrast with doing it here with OASIS review?
Here are my concerns about OASIS
1) Can we come to consensus on something both groups can accept? We seem
to believe that the semantics are important. OASIS seems to leave that
to profiles.
2) It introduces publication complexity.
3) Do the right people participate?
4) Bringing SSTC up to speed.
5) Strong experience that changing the venue of a work leads to
multi-year delays. That's within the IETF from one wg to another.
Josh> 3. Abfab profile (Abfab): application of RADIUS
Josh> SAML binding within Abfab architecture (covers issues such as
Josh> authentication and attribute request)
Josh> I had assumed that (3) would end up as part of the
Josh> architecture document, but that's now non-normative so perhaps
Josh> we need a new document...
Or fold it all into aaa-saml.
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
