A RADIUS Attribute, Binding, Profiles, Name Identifier Format, and Confirmation Methods for the Security Assertion Markup Language (SAML)
draft-ietf-abfab-aaa-saml-14

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
Cc: abfab@ietf.org, abfab-chairs@ietf.org, draft-ietf-abfab-aaa-saml@ietf.org, "Klaas Wierenga" <klaas@cisco.com>, "The IESG" <iesg@ietf.org>, rfc-editor@rfc-editor.org, klaas@cisco.com, stephen.farrell@cs.tcd.ie
Subject: Protocol Action: 'A RADIUS Attribute, Binding, Profiles, Name Identifier Format, and Confirmation Methods for SAML' to Proposed Standard (draft-ietf-abfab-aaa-saml-14.txt)

The IESG has approved the following document:
- 'A RADIUS Attribute, Binding, Profiles, Name Identifier Format, and
   Confirmation Methods for SAML'
  (draft-ietf-abfab-aaa-saml-14.txt) as Proposed Standard

This document is the product of the Application Bridging for Federated
Access Beyond web Working Group.

The IESG contact persons are Stephen Farrell and Kathleen Moriarty.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-abfab-aaa-saml/


Ballot Text

Technical Summary:

  The document describes the use of the Security Assertion Mark-up
  Language (SAML) with RADIUS in the context of the ABFAB architecture.
  It defines two RADIUS attributes, a SAML binding, a SAML name
  identifier format, two SAML profiles, and two SAML confirmation
  methods.  The RADIUS attributes permit encapsulation of SAML
  assertions and protocol messages within RADIUS, allowing SAML
  entities to communicate using the binding.  The two profiles describe
  the application of this binding for ABFAB authentication and
  assertion query/request, enabling a Relying Party to request
  authentication of, or assertions for, users or machines (Clients).
  These Clients may be named using a NAI name identifier format.
  Finally, the subject confirmation methods allow requests and queries
  to be issued for a previously authenticated user or machine without
  needing to explicitly identify them as the subject.  These artifacts
  have been defined to permit application in AAA scenarios other than
  ABFAB, such as network access.

Working Group Summary:

  This document had a few false starts before it really got traction.
  That has resulted in a rather lengthy process to get going. The challenge
  was getting the right set of experts on RADIUS and SAML together; now
  consensus is strong that this is the right approach.

Document Quality:

  There is, as far as I know, 1 implementation of the protocol. At
  this stage there are no indications for wide industry take-up.
  Scott Cantor (editor of the SAML 2.0 spec and member of OASIS SSTC)
  deserves special mention for doing a thorough review and guiding
  the authors on the SAML side.

Personnel:

  Document Shepherd: Klaas Wierenga
  Responsible Area Director: Stephen Farrell

RFC Editor Note

  There was one, but it's included in -14, so now there isn't one:-)
