Javascript disabled? Like other modern websites, the IETF Datatracker relies on Javascript. Please enable Javascript for full functionality.

A RADIUS Attribute, Binding, Profiles, Name Identifier Format, and Confirmation Methods for the Security Assertion Markup Language (SAML)
draft-ietf-abfab-aaa-saml-14

Yes

(Stephen Farrell)

No Objection

Alvaro Retana

(Alissa Cooper)

(Barry Leiba)

(Ben Campbell)

(Brian Haberman)

(Deborah Brungard)

(Jari Arkko)

(Joel Jaeggli)

(Kathleen Moriarty)

(Martin Stiemerling)

Note: This ballot was opened for revision 12 and is now closed.

Alvaro Retana No Objection

(Stephen Farrell; former steering group member) Yes

Yes (for -12)

(Alissa Cooper; former steering group member) (was Discuss) No Objection

No Objection (2016-01-06 for -13)

Thanks for answering my questions about extending the SAML spec.

The use of normative MAYs in Section 9 does not seem appropriate.

(Barry Leiba; former steering group member) No Objection

No Objection (2016-01-06 for -13)

Because abfab-arch defines the terms "Client", "Relying Party", and 
"Identity Provider", I think abfab-arch should be a normative reference.

-- Section 3 --

   The RADIUS SAML binding defined in Section 4 of this document uses
   two attributes to convey SAML assertions and protocol messages
   respectively [OASIS.saml-core-2.0-os]

Nit: "respectively" is out of place here, and should be removed.  You 
would only use "respectively" if you named the two attributes ("...uses 
two attributes, SAML-Assertion and SAML-Protocol, to convey SAML 
assertions and protocol messages, respectively.").

-- Section 7.3.5 --

   If issued by the Identity Provider, the Relying Party MUST process
   the <samlp:Response> message and any enclosed assertion elements as
   described in [OASIS.saml-core-2.0-os]

"If issued" is dangling, and  makes it look like the Relying Party is 
issued by the Identity Provider.

NEW
   If a <samlp:Response> message is issued by the Identity Provider,
   the Relying Party MUST process that message and any enclosed
   assertion elements as described in [OASIS.saml-core-2.0-os]
END

-- Section 11.2 --
Thank you; this section is well done.

(Ben Campbell; former steering group member) No Objection

No Objection (for -13)

(Brian Haberman; former steering group member) No Objection

No Objection (for -13)

(Deborah Brungard; former steering group member) No Objection

No Objection (for -13)

(Jari Arkko; former steering group member) No Objection

No Objection (for -13)

(Joel Jaeggli; former steering group member) No Objection

No Objection (for -13)

(Kathleen Moriarty; former steering group member) No Objection

No Objection (2016-01-05 for -13)

Thanks for addressing the SecDir review:
https://www.ietf.org/mail-archive/web/secdir/current/msg06287.html

(Martin Stiemerling; former steering group member) No Objection

No Objection (for -13)

A RADIUS Attribute, Binding, Profiles, Name Identifier Format, and Confirmation Methods for the Security Assertion Markup Language (SAML) draft-ietf-abfab-aaa-saml-14

A RADIUS Attribute, Binding, Profiles, Name Identifier Format, and Confirmation Methods for the Security Assertion Markup Language (SAML)
draft-ietf-abfab-aaa-saml-14