> Question: should we explicitly link these to the 'user' and 'machine' TLV definitions proposed by TEAP?

Yes, we should tie this to the Identity Type code registry from the TEAP document.

> Figure out a way to name SAML authorities (e.g., attribute authorities) to support synchronous requests (e.g., for assertions).

I don't believe that this is a current requirement. We currently know how to ask the IdP in a SAML query for attributes. I cannot think of any reason why an RP would be able to know what SAML authority to ask a specific authority for a SAML response in a protocol. I believe this item can be not done.

> The document currently only discusses TLS/TCP; also should mention TLS/UDP.

NO!!!!!!!! Doctor, it hurts when I do this. DON'T DO THIS!!!! With the additional overhead from DTLS, the fragmentation is going to be even worse than otherwise.

> Include a prescription that "SAML responders SHOULD return a RADIUS State attribute" to facilitate subsequent use of the user/machine Subject Confirmation methods.

YES - and this is trivial.

> Clarify text describing use of the SAML AuthNRequest's 'AllowCreate' attribute.

YES - per mailing list conversation. Specifically, what needs to be said is that this only applies if the IdP is going to return an explicit identifier for the client and that identifier needs to be created.

Jim
_______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
