I think Scott's desire for a symmetric solution is strongly desirable. The issue (which is conceptually similar to CB but is not technically related to CB) appears in both directions.
The RP needs to demonstrate that it SAML message should be presented by the RP's AAA entity. - The IDP needs to demonstrate to the RP that its assertion should come via the expected AAA realm. Both issues matter, and a symmetric solution seems like a win. _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
