On 22/05/2014 11:47, Rhys Smith wrote:
> I see the main reason as being able to provide an identifier in an
> easy to get & deal with way in RADIUS only,
I dont see this as being the key factor. Whether it is a Radius or
Saml attribute is not that big a deal as it will still need code to
extract it before it can be used. The key factor to me is whether the
user knows the value of this ID before it is first used, as this will
make the life of the RP admin easier i.e. can the value be
preconfigured into the access control rules or does some protocol
interaction have to take place first in order to get at this value
before it can be configured into the access control rules.
regards
David
|