Re: [abfab] Direction Forward for aaa-saml
Sam Hartman <hartmans@painless-security.com> Wed, 22 July 2015 14:41 UTC
>>>>> "Cantor," == Cantor, Scott <cantor.2@osu.edu> writes:

    Cantor,> On 7/22/15, 9:07 AM, "abfab on behalf of Sam Hartman"
    Cantor,> <abfab-bounces@ietf.org on behalf of
    Cantor,> hartmans@painless-security.com>
    Cantor,> wrote:

    >>
    >> I think you'd need to:
    >>
    >> 1) Explain how I figure out which entity I'm using for my RADIUS
    >> server
    >> Consider this especially in a case where you're retrieving
    >> metadata dynamically rather than just having all the metadata in
    >> the world.

    Cantor,> That's orthogonal to any use of SAML metadata. How you get
    Cantor,> it (and verify it) is architecturally distinct from what it
    Cantor,> means and how it's used.

Not really. If I'm starting with an NAI realm and would like to find the
entity description of an entity that is at that NAI realm, I can only do
that if my metadata access mechanism lets me search by that.

However, I do agree that this problem is general to the case where you're
using SAML naming rather than AAA naming, not just to the case where
you're getting protocol endpoints from metadata.