Javascript disabled? Like other modern websites, the IETF Datatracker relies on Javascript. Please enable Javascript for full functionality.

A RADIUS Attribute, Binding, Profiles, Name Identifier Format, and Confirmation Methods for the Security Assertion Markup Language (SAML)
draft-ietf-abfab-aaa-saml-14

Yes

(Stephen Farrell)

No Objection

(Alissa Cooper)

(Alvaro Retana)

(Barry Leiba)

(Ben Campbell)

(Brian Haberman)

(Deborah Brungard)

(Jari Arkko)

(Joel Jaeggli)

(Kathleen Moriarty)

(Martin Stiemerling)

Note: This ballot was opened for revision 12 and is now closed.

Stephen Farrell Former IESG member

Yes

Yes (for -12) Unknown

Alissa Cooper Former IESG member

(was Discuss) No Objection

No Objection (2016-01-06 for -13) Unknown

Thanks for answering my questions about extending the SAML spec.

The use of normative MAYs in Section 9 does not seem appropriate.

Alvaro Retana Former IESG member

No Objection

No Objection (for -13) Unknown

Barry Leiba Former IESG member

No Objection

No Objection (2016-01-06 for -13) Unknown

Because abfab-arch defines the terms "Client", "Relying Party", and 
"Identity Provider", I think abfab-arch should be a normative reference.

-- Section 3 --

   The RADIUS SAML binding defined in Section 4 of this document uses
   two attributes to convey SAML assertions and protocol messages
   respectively [OASIS.saml-core-2.0-os]

Nit: "respectively" is out of place here, and should be removed.  You 
would only use "respectively" if you named the two attributes ("...uses 
two attributes, SAML-Assertion and SAML-Protocol, to convey SAML 
assertions and protocol messages, respectively.").

-- Section 7.3.5 --

   If issued by the Identity Provider, the Relying Party MUST process
   the <samlp:Response> message and any enclosed assertion elements as
   described in [OASIS.saml-core-2.0-os]

"If issued" is dangling, and  makes it look like the Relying Party is 
issued by the Identity Provider.

NEW
   If a <samlp:Response> message is issued by the Identity Provider,
   the Relying Party MUST process that message and any enclosed
   assertion elements as described in [OASIS.saml-core-2.0-os]
END

-- Section 11.2 --
Thank you; this section is well done.

Ben Campbell Former IESG member

No Objection

No Objection (for -13) Unknown

Brian Haberman Former IESG member

No Objection

No Objection (for -13) Unknown

Deborah Brungard Former IESG member

No Objection

No Objection (for -13) Unknown

Jari Arkko Former IESG member

No Objection

No Objection (for -13) Unknown

Joel Jaeggli Former IESG member

No Objection

No Objection (for -13) Unknown

Kathleen Moriarty Former IESG member

No Objection

No Objection (2016-01-05 for -13) Unknown

Thanks for addressing the SecDir review:
https://www.ietf.org/mail-archive/web/secdir/current/msg06287.html

Martin Stiemerling Former IESG member

No Objection

No Objection (for -13) Unknown

A RADIUS Attribute, Binding, Profiles, Name Identifier Format, and Confirmation Methods for the Security Assertion Markup Language (SAML) draft-ietf-abfab-aaa-saml-14

A RADIUS Attribute, Binding, Profiles, Name Identifier Format, and Confirmation Methods for the Security Assertion Markup Language (SAML)
draft-ietf-abfab-aaa-saml-14