Browse Prior Art Database

A RADIUS Attribute, Binding, Profiles, Name Identifier Format, and Confirmation Methods for the Security Assertion Markup Language (SAML) (RFC7833) Disclosure Number: IPCOM000246713D
Original Publication Date: 2016-May-01
Included in the Prior Art Database: 2016-Jun-29
Document File: 64 page(s) / 66K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

J. Howlett: AUTHOR [+3]


Within the ABFAB (Application Bridging for Federated Access Beyond web) architecture [RFC7831], it is often desirable to convey Security Assertion Markup Language (SAML) Assertions and protocol messages.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 4% of the total text.

Internet Engineering Task Force (IETF)                        J. Howlett Request for Comments: 7833                                          Jisc Category: Standards Track                                     S. Hartman ISSN: 2070-1721                                        Painless Security                                                     A. Perez-Mendez, Ed.                                                     University of Murcia                                                                 May 2016

    A RADIUS Attribute, Binding, Profiles, Name Identifier Format, and  Confirmation Methods for the Security Assertion Markup Language (SAML)


   This document describes the use of the Security Assertion Markup

   Language (SAML) with RADIUS in the context of the Application

   Bridging for Federated Access Beyond web (ABFAB) architecture.  It

   defines two RADIUS attributes, a SAML binding, a SAML name identifier

   format, two SAML profiles, and two SAML confirmation methods.  The

   RADIUS attributes permit encapsulation of SAML Assertions and

   protocol messages within RADIUS, allowing SAML entities to

   communicate using the binding.  The two profiles describe the

   application of this binding for ABFAB authentication and assertion

   Query/Request, enabling a Relying Party to request authentication of,

   or assertions for, users or machines (clients).  These clients may be

   named using a Network Access Identifier (NAI) name identifier format.

   Finally, the subject confirmation methods allow requests and queries

   to be issued for a previously authenticated user or machine without

   needing to explicitly identify them as the subject.  The use of the

   artifacts defined in this document is not exclusive to ABFAB.  They

   can be applied in any Authentication, Authorization, and Accounting

   (AAA) scenario, such as network access control.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force    (IETF).  It represents the consensus of the IETF community.  It has    received public review and has been approved for publication by the    Internet Engineering Steering Group (IESG).  Further information on    Internet Standards is available in Section 2 of RFC 5741.

   Information about the current status of this document, any errata,    and how to provide feedback on it may be obtained at

Howlett, et al.              Standards Track                    [Page 1]
 RFC 7833            ...