for those not on the radext list Begin forwarded message:
> From: Alan DeKok <[email protected]> > Subject: Re: [radext] RFC 4282 and RADIUS implementations (was abfab and SAML) > Date: November 3, 2011 8:02:31 AM GMT+01:00 > To: "Sanchez, Mauricio (HP Networking)" <[email protected]> > Cc: Bernard Aboba <[email protected]>, "[email protected]" > <[email protected]>, "[email protected]" <[email protected]> > > Sanchez, Mauricio (HP Networking) wrote: >> Alan: I see that you posted a new rev of the NAI doc. Are you amendable >> to presenting on your doc and framing in the context of the conversation >> below? > > Yes. > > Alan DeKok. > _______________________________________________ > radext mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/radext Begin forwarded message: > From: "Sanchez, Mauricio (HP Networking)" <[email protected]> > Subject: Re: [radext] RFC 4282 and RADIUS implementations (was abfab and SAML) > Date: November 3, 2011 12:32:38 AM GMT+01:00 > To: Bernard Aboba <[email protected]>, Alan DeKok > <[email protected]> > Cc: "[email protected]" <[email protected]>, "[email protected]" > <[email protected]> > > We should discuss this at upcoming meeting. > > Alan: I see that you posted a new rev of the NAI doc. Are you amendable to > presenting on your doc and framing in the context of the conversation below? > > -MS > Begin forwarded message: > From: Bernard Aboba <[email protected]> > Subject: Re: [radext] RFC 4282 and RADIUS implementations (was abfab and SAML) > Date: November 2, 2011 4:22:25 PM GMT+01:00 > To: Alan DeKok <[email protected]> > Cc: "[email protected]" <[email protected]>, [email protected] > > > > This document includes a requirement for encoding of the NAI as per RFC > > > 4282. > > > > > > Today, RADIUS implementations do not convert U-labels within the > > > domain-portion of the NAI to A-labels, because the User-Name attribute > > > is 8-bit clean and designed to handle UTF-8, as described within RFC > > > 2865, Section 5.1. > > > > I agree. I pointed the document authors to my 4282bis, and they > > pointed out it wasn't a published spec, or even a WG item. > > > > > As a result, RFC 4282 doesn't really apply to RADIUS, and mentioning > > > that with respect to User-Name encoding is potentially confusing (and > > > could create an interoperability problem that doesn't exist today). > > > > This is the most important point for me. > > > > Is it time to move ahead with 4282bis? There have been few comments > > on the existing doc. All it does is codify current practice. > > > > > [BA] Given that the spec would create an incompatible variant of RADIUS, > I'd say that the situation is pretty serious, and that a document clarifying > the encoding of the NAI within RADIUS is critical. > > Beyond that though, it strikes me that we may also need a "RADIUS Change > Process" document. > > > > _______________________________________________ > radext mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/radext Begin forwarded message: > From: Alan DeKok <[email protected]> > Subject: Re: [radext] RFC 4282 and RADIUS implementations (was abfab and > SAML) > Date: November 2, 2011 8:43:19 AM GMT+01:00 > To: Bernard Aboba <[email protected]> > Cc: "[email protected]" <[email protected]>, [email protected] > > Bernard Aboba wrote: >> This document includes a requirement for encoding of the NAI as per RFC >> 4282. >> >> Today, RADIUS implementations do not convert U-labels within the >> domain-portion of the NAI to A-labels, because the User-Name attribute >> is 8-bit clean and designed to handle UTF-8, as described within RFC >> 2865, Section 5.1. > > I agree. I pointed the document authors to my 4282bis, and they > pointed out it wasn't a published spec, or even a WG item. > >> As a result, RFC 4282 doesn't really apply to RADIUS, and mentioning >> that with respect to User-Name encoding is potentially confusing (and >> could create an interoperability problem that doesn't exist today). > > This is the most important point for me. > > Is it time to move ahead with 4282bis? There have been few comments > on the existing doc. All it does is codify current practice. > > Alan DeKok. > _______________________________________________ > radext mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/radext Begin forwarded message: > From: "Romascanu, Dan (Dan)" <[email protected]> > Subject: [radext] FW: [abfab] I-D Action: draft-ietf-abfab-aaa-saml-02.txt > Date: November 1, 2011 2:28:33 PM GMT+01:00 > To: <[email protected]> > > > FYI. > > Dan > > > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of [email protected] > Sent: Tuesday, November 01, 2011 1:44 AM > To: [email protected] > Cc: [email protected] > Subject: [abfab] I-D Action: draft-ietf-abfab-aaa-saml-02.txt > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. This draft is a work item of the Application Bridging for > Federated Access Beyond web Working Group of the IETF. > > Title : A RADIUS Attribute, Binding and Profiles for > SAML > Author(s) : Josh Howlett > Sam Hartman > Filename : draft-ietf-abfab-aaa-saml-02.txt > Pages : 14 > Date : 2011-10-31 > > This document specifies a RADIUS attribute, binding and two profiles > for the Security Assertion Mark-up Language (SAML). The attribute > provides RADIUS encapsulation of SAML protocol messages, while the > binding describes the transport of this attribute, and the SAML > protocol messages within, using RADIUS. The profiles describe the > application of this binding for Abfab authentication and assertion > query/request. The SAML RADIUS attribute and binding are defined > generically to permit application in other scenarios, such as network > access. > > > A URL for this Internet-Draft is: > http://www.ietf.org/internet-drafts/draft-ietf-abfab-aaa-saml-02.txt > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > This Internet-Draft can be retrieved at: > ftp://ftp.ietf.org/internet-drafts/draft-ietf-abfab-aaa-saml-02.txt > _______________________________________________ > abfab mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/abfab > _______________________________________________ > radext mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/radext _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
