>>>>> "David" == David Chadwick <[email protected]> writes:

    David> I don't understand what your trust model is, if you don't have
    David> a PKI or a trust router, then how can an RP trust any SAML
    David> metadata that it has obtained from anywhere? It has to get
    David> this from a trustworthy source. I thought that the
    David> trustrouter (admin) was this TTP. If not, then who is?

draft-ietf-abfab-aaa-saml talks about two trust models.

The first, AAA trust, is discussed in section 2.1 of
draft-ietf-abfab-arch-08 and section 5.3.1 of
draft-ietf-abfab-aaa-saml-08.
You're correct that Moonshot plans to use trustrouter to instantiate
that trust model and currently we are mostly focused around that trust
model.

It's possible that someone will want to use an existing SAML federation
with its own existing trust model (probably based on signed SAML
metadata) and send SAML messages over RADIUS.  I'm not working on any
deployments of that, and I don't know of anyone in the Moonshot
community who is going out of their way to make that possible.  However
the Shibboleth SP already comes with the majority of code you need for
that.  So, it's probably relatively easy to make that possible.

It turns out there are security implications when you give a bearer
token like a SAML assertion to a third party.  There are several ways of
looking at the problems that can result.  I've chosen to look at it as
confirming the party who gave you the assertion was intended to receive
it by someone you trust.
Section 5.3.2 of draft-ietf-abfab-aaa-saml tries to discuss this.

We've found it to be a complex discussion.

Does this help clarify what's going on?

--Sam
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
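The bearer-token concern raised in the reply above boils down to a relying party checking that an assertion it holds was actually meant for it and is still live, rather than accepting any assertion that happens to arrive. The following is an added illustration of those checks (audience restriction, bearer subject confirmation recipient, validity window, issuer allow-list) on a constructed SAML 2.0 assertion; it is not code from the draft, from Moonshot or from the Shibboleth SP, and the entity IDs, timestamps and the sample assertion are made up for the example. It assumes the XML signature has already been verified separately and that a production parser would be hardened against untrusted XML (e.g. defusedxml), neither of which is shown here.

```python
"""Relying-party sanity checks on a bearer SAML 2.0 assertion (added example)."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed sample assertion; entity IDs and times are invented for this example.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example-1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.org/idp</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice@example.org</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://rp.example.org/sp"
          NotOnOrAfter="2024-01-01T00:05:00Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://rp.example.org/sp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def _ts(value):
    """Parse the UTC 'Z' timestamp form used in SAML into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_bearer_assertion(xml_text, my_entity_id, trusted_issuers, now):
    """Return (ok, reason).  Assumes the signature was verified before calling.

    The checks answer the question from the thread: was this assertion
    intended for *me*, by an issuer I trust, and is it still within its window?
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML_NS}}}Assertion":
        return False, "not a SAML assertion"

    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in trusted_issuers:
        return False, f"untrusted issuer {issuer!r}"

    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return False, "no Conditions element; refuse unrestricted assertion"
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now < _ts(not_before):
        return False, "assertion not yet valid"
    if not_on_or_after and now >= _ts(not_on_or_after):
        return False, "assertion expired"

    # Audience restriction: the assertion must name this RP explicitly.
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if my_entity_id not in audiences:
        return False, f"audience mismatch: {audiences}"

    # Bearer confirmation: if a Recipient is named it must be this RP, and the
    # confirmation data carries its own expiry that must also be honoured.
    for sc in root.findall("saml:Subject/saml:SubjectConfirmation", NS):
        if sc.get("Method") != BEARER:
            continue
        scd = sc.find("saml:SubjectConfirmationData", NS)
        if scd is None:
            return False, "bearer confirmation without SubjectConfirmationData"
        recipient = scd.get("Recipient")
        if recipient is not None and recipient != my_entity_id:
            return False, f"recipient mismatch: {recipient!r}"
        scd_expiry = scd.get("NotOnOrAfter")
        if scd_expiry and now >= _ts(scd_expiry):
            return False, "bearer confirmation expired"
        return True, "ok"
    return False, "no bearer SubjectConfirmation present"


if __name__ == "__main__":
    at = datetime(2024, 1, 1, 0, 1, tzinfo=timezone.utc)
    print(check_bearer_assertion(SAMPLE_ASSERTION, "https://rp.example.org/sp",
                                 {"https://idp.example.org/idp"}, at))
    # The same assertion handed on to a different party fails the audience check.
    print(check_bearer_assertion(SAMPLE_ASSERTION, "https://other.example.net/sp",
                                 {"https://idp.example.org/idp"}, at))
```

The second call in the usage block is the case the thread is about: an assertion forwarded to a third party whose entity ID is not in the audience list is rejected even though it is otherwise valid and was issued by a trusted IdP.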