>>>>> "Margaret" == Margaret Wasserman writes:
Margaret> I may be misunderstanding the scenario, but what I would
Margaret> think we want is this:
Margaret> Trust Router A is a "default-free" trust router. It has
Margaret> an entry for every RP and IDP in the world. However, for
Margaret> some IDPs that are reached through Trust Router B, Trust
Margaret> Router A has an entry indicating that the TIDS (called AAA
Margaret> Server in the config, which was short-sighted) to use to
Margaret> reach that IDP is actually Trust Router B. Trust Router B
Margaret> has an entry for the same IDP that indicates the real TIDS
Margaret> for that IDP (the one connected to the AAA Server).
The problem with this configuration is that if the configurations of A
and B get out of sync, you get a loop, and we have no loop detection.
I proposed splitting Trust Router B to avoid the loop with the current
code.
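The loop described in this message can be caught offline by auditing the routers' tables before they are deployed. The sketch below is an added example, not part of the original message and not the trust router project's code or config format; the table layout, router names, realm and function names are all hypothetical.

```python
# Constructed model: each trust router maps an IDP realm to the next hop it
# contacts for that realm (another trust router, or the IDP's real TIDS).
# Any name that has no table of its own is treated as a terminating TIDS.

def resolve(tables, start, realm):
    """Follow next-hop entries for `realm` from `start`.

    Returns (status, path); status is "tids", "loop" or "no-route".
    """
    path, seen, current = [start], {start}, start
    while True:
        table = tables.get(current)
        if table is None:
            return "tids", path          # reached something that is not a router
        nxt = table.get(realm)
        if nxt is None:
            return "no-route", path      # router has no entry for this realm
        path.append(nxt)
        if nxt in seen:
            return "loop", path          # request would revisit a router
        seen.add(nxt)
        current = nxt


def audit(tables):
    """Return every (router, realm, status, path) that does not end at a TIDS."""
    findings = []
    for router, table in sorted(tables.items()):
        for realm in sorted(table):
            status, path = resolve(tables, router, realm)
            if status != "tids":
                findings.append((router, realm, status, path))
    return findings


# Constructed sample: A defers to B, and B holds the real TIDS for the IDP.
IN_SYNC = {
    "trust-router-a": {"idp.example": "trust-router-b"},
    "trust-router-b": {"idp.example": "tids.idp.example"},
}
# Constructed sample: B's entry has drifted and now points back at A.
OUT_OF_SYNC = {
    "trust-router-a": {"idp.example": "trust-router-b"},
    "trust-router-b": {"idp.example": "trust-router-a"},
}

if __name__ == "__main__":
    for name, tables in (("in sync", IN_SYNC), ("out of sync", OUT_OF_SYNC)):
        print(name, audit(tables))
```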