Subject: PR comments on SAML V2.0 Identity Assurance Profiles, Version 1.0
Disclaimer: As part of the duties of serving on the TAB, 60 day public
reviews are rotated amongst the TAB members, excluding TC-Admin who has to
remain neutral. These comments are provided by me as an individual TAB member
and do not necessarily represent the views of all TAB members.

Line numbers relative to the PDF.

Line 29/30: change “It relies the features…” to “It relies on the features…”

Line 33: no namespace. Line number 123 says “defines a restricted version of
the AuthnContext schema”. Would it not make sense to put this in its own
namespace to avoid confusion with the original? There is usually some
mechanism used to be able to identify when a profile is being used.

Line 171: “When these words are not capitalized, they are meant in their
natural-language sense.” This is in violation of RFC2119. Use other
words in non-normative text.

Line 207 thru 210: This template has no introduction or description, so I
have no idea what it is saying.

Line 211, section 2.2. There is no normative requirement in this section. Is
this intentional?

Line 340: this is the ONLY normative MUST I see in the whole document
(excluding the conformance section). I think there is more going on in this
spec than a single MUST, but I can’t figure that out.

Line 387: conformance. I would like to see references back to the relevant
sections in 2 and 3 somewhere in 4.1/4.2 as it’s not explicitly clear what is
in this profile.

Line 389: implementations of what? Please clarify.

Final comment. There needs to be some more tying together of sections 2, 3 and
4 so it is obvious that they are defining something that is a coherent profile.

Martin.