On 2014-07-24 17:41, Josh Howlett wrote:
> Hi Sam,

(not speaking as chair)

> 
>> As I understand it, in the case where we're not using SAML metadata, and
>> where we're relying on the AA trust fabric, we make the requirement that the
>> AAA entities correspond to the SAML entities.
>> So, we don't need to constrain the SAML naming because the AAA entities
>> are making the assertions that the SAML names also correspond to the AAA
>> names.
> 
> Yes, but I believe that we also need to constrain SAML naming to the extent 
> that SAML entities are making claims about their names to other entities in a 
> way that is consistent with the underlying AAA system.
> 

Fair enough but I believe your cure is much worse than the affliction of
having to deal with SAML metadata.

        Cheers Leif

_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
