Re: [abfab] Conflict between draft-ietf-abfab-aaa-saml and what Moonshot actually does

"Cantor, Scott" <cantor.2@osu.edu> Fri, 12 July 2013 13:58 UTC

From: "Cantor, Scott" <cantor.2@osu.edu>
To: Sam Hartman <hartmans@painless-security.com>, Josh Howlett <Josh.Howlett@ja.net>
Date: Fri, 12 Jul 2013 13:57:53 +0000
Message-ID: <BA63CEAE152A7742B854C678D9491383AD0E775C@CIO-KRC-D1MBX01.osuad.osu.edu>
References: <CE057F8E.21F62%Josh.Howlett@ja.net> <tslbo68dpy3.fsf@mit.edu>
In-Reply-To: <tslbo68dpy3.fsf@mit.edu>
Cc: "abfab@ietf.org" <abfab@ietf.org>
Subject: Re: [abfab] Conflict between draft-ietf-abfab-aaa-saml and what Moonshot actually does

>     Josh> Why?  Isn't it sufficient for the AAA layer to know that it is
>     Josh> a SAML blob? Why does the AAA layer care about the semantics
>     Josh> of the blob?
> 
> You and I should get together in person and work through this again and
> write text in the same session.
> 
> Unfortunately this seems to be a case where the discussion expires from
> the cache too soon.:-)

Ultimately you just have to strike a balance between overly specifying things and not signaling enough. I don't know enough about RADIUS to judge, but for me the rule of thumb is to either signal based on broad semantic categories (assertion vs. protocol messages) or be consistent and signal different XML elements uniquely based on QName/xsi:type.

-- Scott