>>>>> "Stefan" == Stefan Paetow <[log in to unmask]> writes:
>> * Value a hash of Gss-Acceptor-Service-Name, NAI, salt.
Stefan> Just one small thing... Would this value formula be
Stefan> *prescribed*, i.e. in IETF terms a 'MUST', or would it be a
Stefan> *recommendation*, i.e. a 'SHOULD' or a 'MAY'? I'd venture to
Stefan> say that this should be up to the COIs to decide what format
Stefan> they'd like. If for example you have a group who use SAML
Stefan> now, but would like to preserve some of their identifiers in
Stefan> the AAA RADIUS attribute instead of shipping a
Stefan> SAML-AAA-Attribute, who are we to stop them?
In IETF terms:
* MUST be scoped with IETF realm
* MUST be a one-way function of the username that the RP cannot compute
* SHOULD be a pseudo-random function
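
One way to meet the three requirements above, as an added example that is not part of the original message. It swaps the plain hash for HMAC-SHA256 keyed with the salt (a pseudo-random function the RP cannot compute without that salt); the function names, the base32 encoding, the field framing and all sample values are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets


def _frame(field: str) -> bytes:
    """Length-prefix a field so ("ab", "c") and ("a", "bc") give different input."""
    raw = field.encode("utf-8")
    return len(raw).to_bytes(4, "big") + raw


def split_nai(nai: str) -> tuple[str, str]:
    """Split an NAI of the form user@realm; the realm is lower-cased (assumption)."""
    user, sep, realm = nai.rpartition("@")
    if not sep or not user or not realm:
        raise ValueError("NAI must look like user@realm")
    return user, realm.lower()


def targeted_id(acceptor_service_name: str, nai: str, salt: bytes) -> str:
    """Per-RP pseudonym: keyed one-way function of the username, scoped with the realm."""
    if len(salt) < 16:
        raise ValueError("salt must be at least 16 random bytes")
    user, realm = split_nai(nai)
    message = _frame(acceptor_service_name) + _frame(f"{user}@{realm}")
    mac = hmac.new(salt, message, hashlib.sha256).digest()
    local = base64.b32encode(mac).decode("ascii").rstrip("=").lower()
    return f"{local}@{realm}"


# Constructed sample values, not taken from the thread.
SALT = secrets.token_bytes(32)   # held by the home realm only, never sent to an RP
NAI = "alice@example.org"

if __name__ == "__main__":
    for service in ("imap", "xmpp"):
        print(service, "->", targeted_id(service, NAI, SALT))
```

The same user gets a stable value at each acceptor, but two acceptors cannot correlate their values with each other or derive them from the NAI.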