[abfab] Direction Forward for aaa-saml
Sam Hartman <hartmans@painless-security.com> Wed, 22 July 2015 09:56 UTC
Return-Path: <hartmans@painless-security.com>
X-Original-To: abfab@ietfa.amsl.com
Delivered-To: abfab@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FCB51AC43B for <abfab@ietfa.amsl.com>; Wed, 22 Jul 2015 02:56:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NbAADTV8i0sn for <abfab@ietfa.amsl.com>; Wed, 22 Jul 2015 02:56:22 -0700 (PDT)
Received: from mail.painless-security.com (mail.painless-security.com [23.30.188.241]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2E0B31AC43A for <abfab@ietf.org>; Wed, 22 Jul 2015 02:56:22 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.painless-security.com (Postfix) with ESMTP id 0EB0420759; Wed, 22 Jul 2015 05:55:56 -0400 (EDT)
Received: from mail.painless-security.com ([127.0.0.1]) by localhost (mail.suchdamage.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cjftQ7Z8HvDU; Wed, 22 Jul 2015 05:55:55 -0400 (EDT)
Received: from carter-zimmerman.suchdamage.org (dhcp-89db.meeting.ietf.org [31.133.137.219]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "laptop", Issuer "laptop" (not verified)) by mail.painless-security.com (Postfix) with ESMTPS; Wed, 22 Jul 2015 05:55:55 -0400 (EDT)
Received: by carter-zimmerman.suchdamage.org (Postfix, from userid 8042) id 83B0782120; Wed, 22 Jul 2015 05:56:18 -0400 (EDT)
From: Sam Hartman <hartmans@painless-security.com>
To: abfab@ietf.org, josh.howlett@jisc.ac.uk
Date: Wed, 22 Jul 2015 05:56:18 -0400
Message-ID: <tslwpxsy0ql.fsf@mit.edu>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/abfab/Z8IpNuwl7KSXGQ1fU3ErV7zATHM>
Subject: [abfab] Direction Forward for aaa-saml
X-BeenThere: abfab@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Application Bridging, Federated Authentication Beyond \(the web\)" <abfab.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/abfab>, <mailto:abfab-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/abfab/>
List-Post: <mailto:abfab@ietf.org>
List-Help: <mailto:abfab-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/abfab>, <mailto:abfab-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jul 2015 09:56:23 -0000
Leif, I wanted to write up my understanding of our proposed direction forward, just in case things take longer than we anticipate to implement. During the meeting Monday we discussed Alejandro's proposal. He proposes adding two new role descriptor subtypes: Radiusidpdescriptor and Radiusrpdescriptor. That seems great. He proposes adding a RadiusIdpService and RadiusRpService of EndpointType as well. In the meeting we discussed that we really aren't specifying an edpoint. In particular, the location of the service is implicit in this RADIUS binding. It's possible we might describe something in the future where we included radsec endpoints and keys in metadata, but that's not what we need now. However we also discovered that a role descriptor doesn't actually need any EndpointType subclasses. So, instead, Alejandro will create a different extension to rolldescriptor to include the naming information we need. This will allow us to avoid registering an unresolvable URI to describe the security name of a RADIUS entity. Have I accurately summarized what we discussed? If so, I'd like to solicit any comments from the list. --Sam
- [abfab] Direction Forward for aaa-saml Sam Hartman
- Re: [abfab] Direction Forward for aaa-saml Leif Johansson
- Re: [abfab] Direction Forward for aaa-saml Sam Hartman
- Re: [abfab] Direction Forward for aaa-saml Leif Johansson
- Re: [abfab] Direction Forward for aaa-saml Sam Hartman
- Re: [abfab] Direction Forward for aaa-saml Alejandro Pérez Méndez
- Re: [abfab] Direction Forward for aaa-saml Cantor, Scott
- Re: [abfab] Direction Forward for aaa-saml Sam Hartman
- Re: [abfab] Direction Forward for aaa-saml Cantor, Scott
- Re: [abfab] Direction Forward for aaa-saml Leif Johansson
- Re: [abfab] Direction Forward for aaa-saml Sam Hartman
- Re: [abfab] Direction Forward for aaa-saml Leif Johansson
- Re: [abfab] Direction Forward for aaa-saml Alejandro Pérez Méndez
- Re: [abfab] Direction Forward for aaa-saml Leif Johansson
- Re: [abfab] Direction Forward for aaa-saml Sam Hartman
- Re: [abfab] Direction Forward for aaa-saml Leif Johansson
- Re: [abfab] Direction Forward for aaa-saml Sam Hartman
- Re: [abfab] Direction Forward for aaa-saml Leif Johansson
- Re: [abfab] Direction Forward for aaa-saml Sam Hartman
- Re: [abfab] Direction Forward for aaa-saml Cantor, Scott
- Re: [abfab] Direction Forward for aaa-saml Sam Hartman
- Re: [abfab] Direction Forward for aaa-saml Leif Johansson
- Re: [abfab] Direction Forward for aaa-saml Leif Johansson
- Re: [abfab] Direction Forward for aaa-saml Leif Johansson
- Re: [abfab] Direction Forward for aaa-saml Cantor, Scott
- Re: [abfab] Direction Forward for aaa-saml Leif Johansson
- Re: [abfab] Direction Forward for aaa-saml Alejandro Pérez Méndez
- Re: [abfab] Direction Forward for aaa-saml Cantor, Scott
- Re: [abfab] Direction Forward for aaa-saml Leif Johansson
- Re: [abfab] Direction Forward for aaa-saml Jim Schaad