Hi Sam El 12/03/2014, a las 16:27, Sam Hartman <[email protected]> escribió:
>>>>>> "Rafa" == Rafa Marin Lopez <[email protected]> writes: > > Rafa> Hi Sam: Then, there will not be a "pre-authorization phase > Rafa> prior an authentication" use case/profile in this draft, > Rafa> correct? > > If you need fragmentation, then you should follow the rules of > draft-ietf-radext-radius-fragmentation. > And there, yes the SAML would come before EAP, and you'd end up > violating the MUST in 2865 as we discussed in radext last week. Yes, that is clear. > > However, from the standpoint of draft-ietf-abfab-aaa-saml, by the time > the fragmented packet is reassembled, but authentication and saml > attributes will be present. So, in the end, there won't be pre-authz prior an authentication in aaa-saml. That is what I wanted to make sure. Thanks. > > My understanding of Alan's concern is that you didn't want to intermix > fragmentation of authorization information with fragmentation of EAP. > For example, you didn't want to have an EAP and SAML conversation going > on at the same time. > > --Sam ------------------------------------------------------- Rafael Marin Lopez, PhD Dept. Information and Communications Engineering (DIIC) Faculty of Computer Science-University of Murcia 30100 Murcia - Spain Telf: +34868888501 Fax: +34868884151 e-mail: [email protected] ------------------------------------------------------- _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
