On Jul 17, 2008, at 2:14 PM, Tschofenig, Hannes (NSN - FI/Espoo) wrote:
Would it be reasonable to write the SAML doc against RFC 4474, documenting the issues with RFC 4474 that you've raised, and then publish as experimental? Then if we ever get Identity revised, we can come back to the SAML document. And it gets one more thing off our plate for now.

Sure. That's essentially what we currently have in the document.

Still, there is one unresolved issue we never really figured out how to fix: "wrt RFC4474 'absoluteURI' in Identity-Info header field and SIP-SAML implications" http://www.tschofenig.priv.at:8080/saml-sip/issue12

This let us wonder whether we should maybe go for a separate header.
Ah. I understand, I think. Check me: SIP-SAML doesn't work with RFC 4474 because the Identity-Info header field of RFC 4474 has as its value a URI that points to a cert, and SIP-SAML needs it to point to a SAML assertion.
So you're proposing a new header like "SAML-Info" that would have as its value a URI that points to a SAML assertion?
This could be done easily enough in an Experimental (although current 3427 rules mean it would be P-SAML-Info, note that Keith has a draft out on revising 3427). It would certainly be easier than revising RFC 4474.
If you went that route, you might note that the requirement for a separate header to reference the SAML assertion is an artifact of RFC 4474, and that it could be done away with if a revision of RFC 4474 allowed the Identity-Info header field to reference a SAML assertion.
Are we done with this now?

--
Dean