This document describes the use of the Security Assertion Mark-up
Language (SAML) with RADIUS in the context of the ABFAB architecture.
It defines two RADIUS attributes, a SAML binding, a SAML name
identifier format, two SAML profiles, and two SAML confirmation
methods. The RADIUS attributes permit encapsulation of SAML
assertions and protocol messages within RADIUS, allowing SAML
entities to communicate using the binding. The two profiles describe
the application of this binding for ABFAB authentication and
assertion query/request, enabling a Relying Party to request
authentication of, or assertions for, user or machine principals.
These principals may be named using an NAI name identifier format.
Finally, the subject confirmation methods allow requests and queries
to be issued for a previously authenticated user or machine without
needing to explicitly identify them as the subject. These artifacts
have been defined to permit application in AAA scenarios other than
ABFAB, such as network access.