>>>>> "Jim" == Jim Schaad <[email protected]> writes:
Jim> I have to admit this is interesting is that the trust router
Jim> would provide the ability for an RP to do this. I had managed
Jim> to insert a different entity into the picture and wonder if I
Jim> am wrong or of the document is just written odd.
Jim> I have an RP code that is written on top of GSS-API. At this
Jim> point I need to be able to do a couple of different things.
Jim> 1. Is the RP that is my service provider going to talk
Jim> directly to the AAA proxy that is hosted with the IdP, or is it
Jim> going to go through some local AAA proxy at my side of the
Jim> conversation.
In our deployment we're assuming that this is a local proxy.
Jim> 2. Since as an RP I am doing all of my talking to the AAA side
Jim> of the world via GSS-API, I assume that we need to have some
Jim> set of items for controlling how the routing is going to be
Jim> done in the GSS-API interface. We currently have a way of
Jim> getting answers from IdP such as the SAML returned (either in
Jim> its entirety or in parts.) And I assume we are going to have
Jim> some way of setting the SAML request. However, is the GSS-API
Jim> or the RP code itself going to deal with the routing issues?
I'm not aware of any proposals for controlling the routing through GSS.
I'm not aware of any proposals other than trust router for standardizing
controlling the routing.
Today that's done through proxy or RP-side config files.
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
