El 12/03/14 14:18, Sam Hartman escribió: > We're discussing section 8 of draft-ietf-abfab-aaa-saml. > >> this issue would be declaring SAML-Message and/or the SAML-Assertion >> attributes as authentication attributes. We think this would make sense >> as as they might affect how the subsequent authentication process will >> be performed. > I don't support that approach mostly because it assumes there will be > subsiquent authentication. If there is such I'd expect eap-message or > similar to be present in the radius access-request
Following Alan's suggestions, we decided for our draft that it was better to do not mix things up and keep RADIUS-EAP (and other authenticaiton mechanisms) completely unmodified. > My recommendation is that we indicate in section 8 that this draft only > covers the case where the request in in the context of an existing > session and includes state. > In future, the profile can be expanded. I'd probably leave state as a > SHOULD with a note about 2865 and indicate that if you're using this > profile without state you need a spec describing how to do that and that > spec needs to tell you what authentication attributes to include. > > --Sam _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
