>>>>> "Cantor," == Cantor, Scott <[email protected]> writes:

    >> 1.  Do we have any other examples where we might have a SAML
    >> requester/responder other than the case of the RP/IdP?  If so, it
    >> might be wise to mention at least one other case in the
    >> introductory paragraph in section 1.  Otherwise it might be
    >> easier to just say that we are sending messages between the RP
    >> and the IdP and not generalize it.  Can anybody see a reason that
    >> one might want to reverse the endpoints?  So that the RP becomes
    >> the server and the IdP the client???

    Cantor,> Any binding should be left generically defined as SAML
    Cantor,> requester and responder, even if you don't specifically
    Cantor,> have a use case to hand. It's just the right layering. 

Conceptually I agree that defining things in terms of requester and
responder is desirable.
If we do that, though, it seems like we need to describe how to
identify and route things at the AAA layer.
Routing to the IDP associated with that AAA server is easy.
However, going beyond that is tricky at the RADIUS layer.
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
