>Well, current implementation is over RADIUS and if you have to transport >SAML assertion including XML Signature (+X.509PKC) (even if parties do >ignore it) you can have problems even with small size attributes. If you >can life with SAML assertion including XML Signature (without X.509PKC) >then it is ok.
My assumption is that the SAML responder does not include a signature; the transport can provide the needed assurances. Deployments that require signatures should use Diameter. Josh. JANET(UK) is a trading name of The JNT Association, a company limited by guarantee which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
