Hi Alejandro,

Thanks for your careful review. I'll correct the nits ASAP.

>* In the 3rd paragraph it is mentioned Diameter, while it is not
> mentioned again in the rest of the document. Indeed, it is a
> RADIUS-specific document.

Yes; aligning this with the Diameter document is the goal for the next rev.

>* I have a question related with the RADIUS maximum packet size.
> RFC 2865 states that the maximum size is 4096 bytes. That means
> that if an SAML Assertion would be bigger than 4K, it would be
> impossible to transport it in a single RADIUS message. Even
> without signatures, a SAML Assertion containing attributes may
> exceed this size if the attributes contain data enough. Have
> you thought about any mechanism to lead with this kind of
> situations, for example the use of a Hash&URL or similar?

In this case I believe that Diameter should be used. I agree that it would be possible to invent a callback mechanism to resolve a jumbo assertion, but I believe that these would introduce non-trivial implementation and operational issues.

Speaking from an operator's perspective, I would personally prefer to increase the RADIUS message MTU (particularly for the TCP transport case), but obviously there are process considerations that could impede this.

Josh.

JANET(UK) is a trading name of The JNT Association, a company limited by guarantee which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG
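
The 4096-byte limit discussed in this exchange, worked through as an added example that is not part of the original message or of the draft under review. It assumes the assertion is split across consecutive attributes of one type, each carrying at most 253 value octets, and it uses a placeholder attribute type number rather than any assigned value.

```python
import struct

RADIUS_MAX_PACKET = 4096  # RFC 2865 limit cited in the thread
HEADER_LEN = 20           # Code(1) + Identifier(1) + Length(2) + Authenticator(16)
ATTR_MAX_VALUE = 253      # 255-octet attribute minus the Type and Length octets
SAML_ATTR_TYPE = 245      # placeholder type number, NOT taken from the draft


def max_assertion_len(other_attr_bytes=0):
    """Largest assertion that fits beside other_attr_bytes of other attributes."""
    room = RADIUS_MAX_PACKET - HEADER_LEN - other_attr_bytes
    full, rest = divmod(room, ATTR_MAX_VALUE + 2)
    return full * ATTR_MAX_VALUE + max(rest - 2, 0)


def build_packet(code, identifier, authenticator, assertion):
    """Fragment the assertion into same-type attributes and enforce the limit."""
    attrs = bytearray()
    for off in range(0, len(assertion), ATTR_MAX_VALUE):
        chunk = assertion[off:off + ATTR_MAX_VALUE]
        attrs += struct.pack("!BB", SAML_ATTR_TYPE, len(chunk) + 2) + chunk
    length = HEADER_LEN + len(attrs)
    if length > RADIUS_MAX_PACKET:
        raise ValueError(f"packet would be {length} octets, limit is {RADIUS_MAX_PACKET}")
    return struct.pack("!BBH", code, identifier, length) + authenticator + bytes(attrs)


def reassemble(packet):
    """Receiver side: validate every length field, then join fragments in order."""
    if not HEADER_LEN <= len(packet) <= RADIUS_MAX_PACKET:
        raise ValueError("bad packet size")
    (length,) = struct.unpack("!H", packet[2:4])
    if not HEADER_LEN <= length <= len(packet):
        raise ValueError("Length field inconsistent with received octets")
    pos, out = HEADER_LEN, bytearray()
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute length")
        if attr_type == SAML_ATTR_TYPE:
            out += packet[pos + 2:pos + attr_len]
        pos += attr_len
    return bytes(out)


if __name__ == "__main__":
    assertion = b"<saml:Assertion>" + b"A" * 5000 + b"</saml:Assertion>"  # constructed
    print("ceiling:", max_assertion_len(), "assertion:", len(assertion))
```

The ceiling is an upper bound for a packet carrying nothing else; any other attributes in the same message reduce it octet for octet via `other_attr_bytes`.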
