{"draft":"draft-ietf-abfab-aaa-saml-14","doc_id":"RFC7833","title":"A RADIUS Attribute, Binding, Profiles, Name Identifier Format, and Confirmation Methods for the Security Assertion Markup Language (SAML)","authors":["J. Howlett","S. Hartman","A. Perez-Mendez, Ed."],"format":["ASCII","HTML"],"page_count":"32","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Application Bridging for Federated Access Beyond web","abstract":"This document describes the use of the Security Assertion Markup\r\nLanguage (SAML) with RADIUS in the context of the Application\r\nBridging for Federated Access Beyond web (ABFAB) architecture.  It\r\ndefines two RADIUS attributes, a SAML binding, a SAML name identifier\r\nformat, two SAML profiles, and two SAML confirmation methods.  The\r\nRADIUS attributes permit encapsulation of SAML Assertions and\r\nprotocol messages within RADIUS, allowing SAML entities to\r\ncommunicate using the binding.  The two profiles describe the\r\napplication of this binding for ABFAB authentication and assertion\r\nQuery\/Request, enabling a Relying Party to request authentication of,\r\nor assertions for, users or machines (clients).  These clients may be\r\nnamed using a Network Access Identifier (NAI) name identifier format.\r\nFinally, the subject confirmation methods allow requests and queries\r\nto be issued for a previously authenticated user or machine without\r\nneeding to explicitly identify them as the subject.  The use of the\r\nartifacts defined in this document is not exclusive to ABFAB.  They\r\ncan be applied in any Authentication, Authorization, and Accounting\r\n(AAA) scenario, such as network access control.","pub_date":"May 2016","keywords":["ABFAB","AAA","EAP","RADIUS","SAML"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC7833","errata_url":null}