> The idea is that the SAML Requester can use an attribute request using a
> new SAML Subject Confirmation Method. This Method gives (1) the value of
> the RADIUS State attribute pointing to the RADIUS session in question and
> (2) whether the response should include attributes describing the user or
> machine.
Wouldn't one assume that absent this subject confirmation, the query was about
the subject (the user)?
> Define an XML attribute ("RadiusStateValue") giving the RADIUS State
> attribute value
>
> Define an XML attribute ("RadiusIdentityType") giving the Identity-Type
> TLV value
You can do that, but they'll have to be namespace qualified, the wildcard in
the schema requires namespace="##other", which doesn't permit unqualified
attributes.
-- Scott
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
