On 03/11/11 16:21, Rhys Smith wrote:

On 3 Nov 2011, at 15:09, Alejandro Perez Mendez wrote:


On 11/3/11 10:51 AM, "Alejandro Perez Mendez" <[email protected]> wrote:
What if the user has some attribute which is > 4K? For example a photo
(for biometric comparison).
I think that this situation should not be ignored, even when I can agree
it will not be the most usual.
Sorry, I wasn't saying the assertion wouldn't be > 4K, I was saying the
signature alone isn't that much bigger than a mediumish attribute unless
you add the cert.

I thought the > 4K thing was addressed by chunking it up. If not, you have
a problem.

That's exactly the problem. Even splitting into 253-byte chunks, a RADIUS message cannot have more than 4K in total, including all the attributes. So, I think it would be required to find a solution for this, as it could happen, even without certificates and signatures.

Could send a SAML artifact and then get the real, large, SAML assertion by resolving the artifact over http on the issuing IdP?

You could, but then you would need to rely on a PKI for the trust (during HTTP assertion retrieval). I thought that idea was already discarded in favor of AAA-based trust.

Regards,
Alejandro


R.
--
Dr Rhys Smith: Identity, Access, and Middleware Specialist
Cardiff University & JANET(UK)

email: [email protected] / [email protected]
GPG: 0xDE2F024C


_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
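
The size limit discussed in this thread, worked through as an added example (not part of the original messages). It assumes the plain RFC 2865 layout (4096-byte packet, 20-byte header, 2-byte attribute header, values of at most 253 bytes) and uses a placeholder attribute type, since the thread names none; `reserved` is a hypothetical parameter for the space the packet's other attributes need.

```python
RADIUS_MAX_PACKET = 4096   # RFC 2865 maximum packet length
RADIUS_HEADER = 20         # Code + Identifier + Length + Authenticator
ATTR_HEADER = 2            # Type + Length octets
ATTR_MAX_VALUE = 253       # 255 - ATTR_HEADER
PLACEHOLDER_TYPE = 0xF0    # hypothetical attribute type, not an assigned number


def max_payload(reserved=0):
    """Largest value that fits when split across attributes, after
    `reserved` bytes are set aside for the packet's other attributes."""
    room = RADIUS_MAX_PACKET - RADIUS_HEADER - reserved
    full, rest = divmod(room, ATTR_HEADER + ATTR_MAX_VALUE)
    return full * ATTR_MAX_VALUE + max(rest - ATTR_HEADER, 0)


def fragment(value, attr_type=PLACEHOLDER_TYPE, reserved=0):
    """Encode `value` as consecutive TLV attributes of <= 253 bytes each.
    Raises ValueError instead of emitting an oversized packet."""
    limit = max_payload(reserved)
    if len(value) > limit:
        raise ValueError(f"{len(value)} bytes exceeds the {limit}-byte limit")
    out = bytearray()
    for i in range(0, len(value), ATTR_MAX_VALUE):
        chunk = value[i:i + ATTR_MAX_VALUE]
        out += bytes([attr_type, ATTR_HEADER + len(chunk)]) + chunk
    return bytes(out)


def reassemble(attrs, attr_type=PLACEHOLDER_TYPE):
    """Concatenate the values of all attributes of `attr_type`, in order."""
    value, pos = bytearray(), 0
    while pos < len(attrs):
        if pos + ATTR_HEADER > len(attrs):
            raise ValueError("truncated attribute header")
        t, length = attrs[pos], attrs[pos + 1]
        if length < ATTR_HEADER or pos + length > len(attrs):
            raise ValueError("malformed attribute length")
        if t == attr_type:
            value += attrs[pos + ATTR_HEADER:pos + length]
        pos += length
    return bytes(value)
```

With nothing else in the packet the ceiling is 4044 bytes of assertion; every other attribute the message has to carry lowers it further.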
