On 11/03/2011 04:31 PM, Alejandro Perez Mendez wrote:
>
>
> On 03/11/11 16:21, Rhys Smith wrote:
>>
>> On 3 Nov 2011, at 15:09, Alejandro Perez Mendez wrote:
>>
>>>
>>>> On 11/3/11 10:51 AM, "Alejandro Perez Mendez" <[email protected]> wrote:
>>>>> What if the user has some attribute which is > 4K? For
>>>>> example a photo (for biometric comparison). I think that
>>>>> this situation should not be ignored, even when I can
>>>>> agree it will not be the most usual.
>>>> Sorry, I wasn't saying the assertion wouldn't be > 4K, I was
>>>> saying the signature alone isn't that much bigger than a
>>>> mediumish attribute unless you add the cert.
>>>>
>>>> I thought the > 4K thing was addressed by chunking it up. If
>>>> not, you have a problem.
>>>
>>> That's exactly the problem. Even splitting into 253-byte chunks,
>>> a RADIUS message cannot have more than 4K in total, including
>>> all the attributes. So, I think it would be required to find a
>>> solution for this, as it could happen, even without
>>> certificates and signatures.
>>
>> Could send a SAML artifact and then get the real, large, SAML
>> assertion by resolving the artifact over http on the issuing
>> IdP?
>
> You could, but then you would need to rely on a PKI for the trust
> (during http assertion retrieving). I thought that idea was
> already discarded in favor of AAA-based trust.

You can have any white-list including one based on metadata.
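
The size limit discussed in this thread, worked through as an added example (not code from any poster or from the abfab drafts): an assertion is split into 253-byte attribute values, packed into one RADIUS packet and reassembled, and packing fails once the 4096-byte packet limit is exceeded. The attribute type 224 and all function names are assumptions made for illustration; the 20-byte header, the 4096-byte maximum and the 253-byte value limit are those of RFC 2865.

```python
import struct

RADIUS_HEADER_LEN = 20      # code, identifier, length, authenticator (RFC 2865)
RADIUS_MAX_PACKET = 4096    # maximum RADIUS packet length (RFC 2865)
MAX_ATTR_VALUE = 253        # 255-byte attribute minus the type and length octets
SAML_ATTR_TYPE = 224        # placeholder type for illustration, not an assigned value


def chunk_attributes(assertion: bytes, attr_type: int = SAML_ATTR_TYPE) -> bytes:
    """Encode the assertion as consecutive TLV attributes of <= 253 value bytes."""
    out = bytearray()
    for i in range(0, len(assertion), MAX_ATTR_VALUE):
        value = assertion[i:i + MAX_ATTR_VALUE]
        out += struct.pack("!BB", attr_type, len(value) + 2) + value
    return bytes(out)


def build_packet(assertion: bytes, other_attrs: bytes = b"") -> bytes:
    """Build an Access-Accept carrying the chunked assertion; fail if over 4K."""
    attrs = other_attrs + chunk_attributes(assertion)
    total = RADIUS_HEADER_LEN + len(attrs)
    if total > RADIUS_MAX_PACKET:
        raise ValueError(f"packet would be {total} bytes, limit is {RADIUS_MAX_PACKET}")
    # Code 2 = Access-Accept; the authenticator is zeroed here, not computed.
    return struct.pack("!BBH16s", 2, 1, total, bytes(16)) + attrs


def reassemble(packet: bytes, attr_type: int = SAML_ATTR_TYPE) -> bytes:
    """Receiver side: concatenate the values of all attr_type attributes in order."""
    out, pos = bytearray(), RADIUS_HEADER_LEN
    while pos < len(packet):
        length = packet[pos + 1] if pos + 2 <= len(packet) else 0
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute")
        if packet[pos] == attr_type:
            out += packet[pos + 2:pos + length]
        pos += length
    return bytes(out)


def max_assertion_size(other_attrs_len: int = 0) -> int:
    """Largest assertion that fits once the per-chunk 2-byte headers are counted."""
    room = RADIUS_MAX_PACKET - RADIUS_HEADER_LEN - other_attrs_len
    full, rest = divmod(room, MAX_ATTR_VALUE + 2)
    return full * MAX_ATTR_VALUE + max(rest - 2, 0)
```

With no other attributes in the packet the ceiling is 4044 bytes of assertion data, and every additional attribute lowers it.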
