(Responding to my own mail) >>> >>>That's certainly a possible deployment option although I believe that >>>even >>>in a Diameter-based deployment, there may be a role for proxies and >>>other >>>active intermediaries. However, I think I may have misunderstood the >>>thrust of your question...? >> >>I'm trying to confirm my understanding that if I had an app at my end and >>federated partners that supported DIAMETER that I wouldn't need the >>entire >>eduroam fabric to be running DIAMETER too. >> >>In other words, it's a peer to peer problem of updating software to >>support a feature, not waiting for an entire national network to upgrade. > >Ah ok. Yes, it's a peer to peer problem.
Let me clarify that, because I suspect I was still misunderstanding your question. If you were relying on an intermediate fabric for trust establishment and other assurances, then that fabric (and your federated partners, obviously) would also need to support Diameter. While Diameter supports proxies, it does not require them for trust establishment and routing between federated partners as in the RADIUS case. A Diameter based fabric is much more likely to look like a mesh federation. This obviously creates a problem if you already have a hub-and-spoke or hierarchical hub-and-spoke RADIUS federation (as in the eduroam case) and want to use SAML messages > 4kb. In this case, you need to change your fabric. Josh. JANET(UK) is a trading name of The JNT Association, a company limited by guarantee which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
