On Jul 17, 2008, at 2:14 PM, Tschofenig, Hannes (NSN - FI/Espoo) wrote:
Would it be reasonable to write the SAML doc against RFC 4474,
documenting the issues with RFC 4474 that you've raised, and
then publish as experimental? Then if we ever get Identity
revised, we can come back to the SAML document. And it gets
one more thing off our plate for now.
Sure. That's essentially what we currently have in the document.
Still, there is one unresolved issue we never really figured out how
to fix: "wrt RFC4474 'absoluteURI' in Identity-Info header field and
SIP-SAML implications"
http://www.tschofenig.priv.at:8080/saml-sip/issue12
This led us to wonder whether we should maybe go for a separate header.
Ah. I understand, I think. Check me: SIP-SAML doesn't work with RFC
4474 because the Identity-Info header field of RFC 4474 has as its
value a URI that points to a cert, and SIP-SAML needs it to point to a
SAML assertion.
So you're proposing a new header like "SAML-Info" that would have as
its value a URI that points to a SAML assertion?
This could be done easily enough in an Experimental (although current
3427 rules mean it would be P-SAML-Info, note that Keith has a draft
out on revising 3427). It would certainly be easier than revising RFC
4474.
If you went that route, you might note that the requirement for a
separate header to reference the SAML assertion is an artifact of RFC
4474, and that it could be done away with if a revision of RFC 4474
allowed the Identity-Info header field to reference a SAML assertion.
Are we done with this now?
--
Dean