>>>>> "Rafa" == Rafa Marin Lopez <[email protected]> writes:

    Rafa> Hi Sam: Then, there will not be a "pre-authorization phase
    Rafa> prior to an authentication" use case/profile in this draft,
    Rafa> correct?

If you need fragmentation, then you should follow the rules of
draft-ietf-radext-radius-fragmentation.
And there, yes the SAML would come before EAP, and you'd end up
violating the MUST in 2865 as we discussed in radext last week.

However, from the standpoint of draft-ietf-abfab-aaa-saml, by the time
the fragmented packet is reassembled, both authentication and SAML
attributes will be present.

My understanding of Alan's concern is that you didn't want to intermix
fragmentation of authorization information with fragmentation of EAP.
For example, you didn't want to have an EAP and SAML conversation going
on at the same time.

--Sam

_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
