Remapping of attributes is something that Plasma is going to want.  

I don't know that this is restricted to just one at either end.  I think that it 
may possibly happen any time you cross any type of federation boundary.  How 
attributes are portrayed and represented and if they have any significance is 
going to depend on the federation agreement.  I think that one will generally be 
uninterested in the proxies that occur inside of a federation.  

When looking at what Moonshot is doing, I think that the trust router will skip 
right to the cross-boundary federation proxies that will need to potentially do 
the re-writing and thus it is an issue for all such proxy agents.

Also I think that the re-writes will be done in both directions.  If you do a 
query from the RP to the IdP, then the attributes you are asking for change as 
you cross the federation boundaries.  And the response of the query needs to be 
modified as it comes back so that the RP can understand what is happening.  
While it would be ideal if this only happens at the end points, I fully expect 
in any type of complex federation it would happen in the middle as well.

Jim


> -----Original Message-----
> From: Alejandro Perez Mendez [mailto:[email protected]]
> Sent: Monday, March 12, 2012 9:07 AM
> To: Sam Hartman
> Cc: Josh Howlett; Jim Schaad; [email protected]
> Subject: Re: [abfab] FYI: New Version Notification for draft-perez-radext-
> radius-fragmentation-01.txt
> 
> 
> > Well, I think you may well need SAML rewrite at AAA proxies if you
> > don't have something like Kerberos.
> >
> > Attribute remapping at organizational boundaries seems like something
> > people will want.
> 
> But that does not happen at the intermediary AAA proxies, as they are not
> interested in the information being transmitted. It should happen at both
> ends of the communication, or at a close point. And likely it will happen
> once at most for each assertion. Am I wrong?
> 
> Regards,
> Alejandro

_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
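
The bidirectional rewriting discussed in the thread above, as an added example that is not part of the original messages: a query's attribute names are rewritten at each federation boundary on the way from the RP to the IdP, and the response is rewritten back in reverse order, while proxies inside a federation pass everything through. This is a plain Python model, not RADIUS or SAML code; the proxy names, attribute names and agreements are all constructed for illustration.

```python
class BoundaryProxy:
    """Proxy on a federation boundary; rewrites per the federation agreement."""
    def __init__(self, name, agreement):
        self.name = name
        self.outbound = dict(agreement)                      # RP-side -> IdP-side
        self.inbound = {v: k for k, v in agreement.items()}  # IdP-side -> RP-side
        if len(self.inbound) != len(self.outbound):
            raise ValueError(f"{name}: agreement is not one-to-one")

    def rewrite_query(self, wanted):
        # A name the agreement does not cover has no meaning across the boundary.
        return [self.outbound[a] for a in wanted if a in self.outbound]

    def rewrite_response(self, attrs):
        return {self.inbound[k]: v for k, v in attrs.items() if k in self.inbound}


class InteriorProxy:
    """Proxy inside one federation; forwards attributes untouched."""
    def __init__(self, name):
        self.name = name

    def rewrite_query(self, wanted):
        return list(wanted)

    def rewrite_response(self, attrs):
        return dict(attrs)


def resolve(path, idp_directory, wanted):
    """Carry a query RP -> IdP along path, then carry the response back."""
    for hop in path:
        wanted = hop.rewrite_query(wanted)
    answer = {a: idp_directory[a] for a in wanted if a in idp_directory}
    for hop in reversed(path):
        answer = hop.rewrite_response(answer)
    return answer


# Constructed sample topology and data (assumptions, not from the thread).
PATH = [
    InteriorProxy("rp-fed-interior"),
    BoundaryProxy("rp-fed/transit", {"member": "affiliation", "mail": "email"}),
    BoundaryProxy("transit/idp-fed", {"affiliation": "eduAffil", "email": "rfc822"}),
]
IDP_DIRECTORY = {"eduAffil": "staff", "rfc822": "user@example.org", "shoeSize": "42"}

def demo():
    # "shoeSize" is in no agreement, so it is dropped at the first boundary.
    return resolve(PATH, IDP_DIRECTORY, ["member", "mail", "shoeSize"])
```
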
