Hi,
some comments
On 07/11/13 17:27, Sam Hartman wrote:
>
>
>
> Section 5.3.1
>
> Isn't the AAA server a SAML consumer of an authentication request?
Section 1.4.5 in draft-ietf-abfab-arch-08 says that:
"The RP sends ...., and it may send a SAML Attribute Request in a AAA
attribute. The AAA network checks that the identity claimed by the RP
is valid."
I guess the draft (arch-08) should say SAML AuthNRequest and,
optionally, AttributeRequest, if what the RP is waiting for is an
authentication statement, and optionally, attribute statements.
In general, the exchange of SAML messages between RP and IdP is not
clear in the drafts.
>
>
>
> Section 7.3.3:
> Wait. You're saying that my RADIUS server MUST look inside the SAML
> message and if a certain attribute is present go change my EAP state
> machine?
>
> I don't think anyone will ever implement that.
> Also, how does it interact with semi-long-term elements like Kerberos
> TGTs or TEAP tickets?
What is your concern about? The RADIUS server looking inside SAML sentences?
Or changing the EAP state machine?
The first one is necessary if the RADIUS server has to take into account
things such as LoA specified by the RP.
Although I suppose an independent RADIUS module is in charge of the SAML
stuff.
Regards, Gabi.
>
>
> Section 7.3.4:
>
> Is the simple system model inside or outside the scope of this profile?
> This also (and more importantly) applies to the requirements for the
> response.
>
> Ah, I see that this is handled later.
>
> There are still a lot of todos.
>
>
> _______________________________________________
> abfab mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/abfab
--
--------------------------------------------------------------
Gabriel López Millán
Departamento de Ingeniería de la Información y las Comunicaciones
University of Murcia
Spain
Tel: +34 868888504
Fax: +34 868884151
email: [email protected]
