El 04/11/11 11:10, Josh Howlett escribió: >> Well, current implementation is over RADIUS and if you have to transport >> SAML assertion including XML Signature (+X.509PKC) (even if parties do >> ignore it) you can have problems even with small size attributes. If you >> can life with SAML assertion including XML Signature (without X.509PKC) >> then it is ok. > My assumption is that the SAML responder does not include a signature; the > transport can provide the needed assurances. Deployments that require > signatures should use Diameter. Then I think the draft document should comment something like: "SAML assertion ¿should/must? not be signed if AAA transport is RADIUS, otherwise it could"
It is not clear for me, but if you are ok ... regards, Gabi. > > Josh. > > > > JANET(UK) is a trading name of The JNT Association, a company limited > by guarantee which is registered in England under No. 2881024 > and whose Registered Office is at Lumen House, Library Avenue, > Harwell Oxford, Didcot, Oxfordshire. OX11 0SG > -- ---------------------------------------------------------------- Gabriel Lpez Milln Departamento de Ingeniera de la Informacin y las Comunicaciones University of Murcia Spain Tel: +34 868888504 Fax: +34 868884151 email: [email protected] _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
