Sign in
Version 5.10.1.p2, 2015-01-28
Report a bug

A RADIUS Attribute, Binding, Profiles, Name Identifier Format, and Confirmation Methods for SAML

Document type: Expired Internet-Draft (abfab WG)
Document stream: IETF
Last updated: 2014-08-18 (latest revision 2014-02-14)
Intended RFC status: Unknown
Other versions: (expired, archived): plain text, pdf, html

IETF State: WG Document Oct 2010
Document shepherd: No shepherd assigned

IESG State: Expired
Responsible AD: (None)
Send notices to: No addresses provided

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found here:


This document describes the use of the Security Assertion Mark-up Language (SAML) with RADIUS in the context of the ABFAB architecture. It defines two RADIUS attributes, a SAML binding, a SAML name identifier format, two SAML profiles, and two SAML confirmation methods. The RADIUS attributes permit encapsulation of SAML assertions and protocol messages within RADIUS, allowing SAML entities to communicate using the binding. The two profiles describe the application of this binding for ABFAB authentication and assertion query/request, enabling a Relying Party to request authentication of, or assertions for, user or machine principals. These principals may be named using an NAI name identifier format. Finally, the subject confirmation methods allow requests and queries to be issued for a previously authenticated user or machine without needing to explicitly identify them as the subject. These artifacts have been defined to permit application in AAA scenarios other than ABFAB, such as network access.


Josh Howlett <>
Sam Hartman <>

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid)