On 3 Nov 2011, at 15:09, Alejandro Perez Mendez wrote: > >> On 11/3/11 10:51 AM, "Alejandro Perez Mendez"<[email protected]> wrote: >>> What if the user has some attribute which is> 4K? For example a photo >>> (for biometric comparation). >>> I think that this situation should not be ignored, even when I can agree >>> it will not be the most usual. >> Sorry, I wasn't saying the assertion wouldn't be> 4K, I was saying the >> signature alone isn't that much bigger than a mediumish attribute unless >> you add the cert. >> >> I thought the> 4K thing was addressed by chunking it up. If not, you have >> a problem. > > That exactly the problem. Even splitting into 253-byte chucks, a RADIUS > message cannot have more than 4K in total, including all the attributes. So, > I think it would be required to find a solution for this, as it could happen, > even without certificates and signatures.
Could send a SAML artifact and then get the real, large, SAML assertion by resolving the artifact over http on the issuing IdP? R. -- Dr Rhys Smith: Identity, Access, and Middleware Specialist Cardiff University & JANET(UK) email: [email protected] / [email protected] GPG: 0xDE2F024C
_______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
