Search RFCs

RFC Editor

File formats:

Status:

PROPOSED STANDARD

Authors:

J. Howlett
S. Hartman
A. Perez-Mendez, Ed.

Stream:

IETF

Source:

abfab (sec)

Cite this RFC:TXT  | XML  |  BibTeX

DOI:  https://doi.org/10.17487/RFC7833

Discuss this RFC: Send questions or comments to the mailing listabfab@ietf.org

Other actions:Submit Errata  | Find IPR Disclosures from the IETF  | View History of RFC 7833

Abstract

This document describes the use of the Security Assertion MarkupLanguage (SAML) with RADIUS in the context of the ApplicationBridging for Federated Access Beyond web (ABFAB) architecture. Itdefines two RADIUS attributes, a SAML binding, a SAML name identifierformat, two SAML profiles, and two SAML confirmation methods. TheRADIUS attributes permit encapsulation of SAML Assertions andprotocol messages within RADIUS, allowing SAML entities tocommunicate using the binding. The two profiles describe theapplication of this binding for ABFAB authentication and assertionQuery/Request, enabling a Relying Party to request authentication of,or assertions for, users or machines (clients). These clients may benamed using a Network Access Identifier (NAI) name identifier format.Finally, the subject confirmation methods allow requests and queriesto be issued for a previously authenticated user or machine withoutneeding to explicitly identify them as the subject. The use of theartifacts defined in this document is not exclusive to ABFAB. Theycan be applied in any Authentication, Authorization, and Accounting(AAA) scenario, such as network access control.

For the definition ofStatus,seeRFC 2026.

For the definition ofStream, seeRFC 8729.