So, I'm a bit confused why we're discussing whether hop-by-hop integrity is good enough. That's been how RADIUS handles integrity for authorization attributes all along. Why does describing authorization in terms of XML make that different than authorization described in native RADIUS attributes?
No confidentiality and too many proxies is posing a problem for some use cases that we're looking at deploying. I'm looking to RADSEC as a solution to that for my clients. SAML signatures would not help with the confidentiality issues. Also, since most of what I'd like to make confidential is in RADIUS attributes, not SAML, XML encryption wouldn't help either.

--Sam
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
