[security-services] Bindings action items from F2F#4

["Mishra, Prateek" <pmishra@netegrity.com>]

Colleagues,
 
Several specific action items for taking the bindings draft forward were
discussed at F2F#4. All references are to the PDF version of the
draft. Here is a list:
 
 
(1) lines 472-473, Section 4.1.3
Bob Blakley will provide improved text to replace:
 
(1) Each source site selects a single Identification URL which it
communicates to all potential 472 

destination sites. The domain name used within the identification URL MUST
be administered 473 

by source site. 474 

 
(2) lines 732-733, Section 4.1.6.1
Bob Morgan and Phil Baker.
 
The FORM Post architecture should not rely on the <Audience> element for
target information. A <ForYourEyesOnly> tag is to be included 
within core. Bob will provide needed text to Phil.
 
 
(3) lines 788-791, Section 4.2.2 
Irving to propose text to make the language more precise and clarify any
connections with SAML faultcode.
 
(4) lines 824-829, Section 4.2.3.1.1
Irving to research and propose language to weaken requirement on signing
over entire message (body and headers). The proposal is to require
signing over assertion headers and body only. Other components are to
be signed by agreement between sender and receiver (out of scope for
us).
 
(5) Need for additional ConfirmationMethod identifiers (Prateek and Phil)
Bindings-06 uses two identifiers not found in
core: HolderOfKey and SenderVouches. It is important to understand
that no change in schema is being proposed, only new text and constants
for Section 5 of core. Prateek to send Phil necessary text.
 
(6) Section 3.1, SAML SOAP binding
Simon Godik to review and add text to reflect F2F#4 discussion.
 
(7) Prateek to publish bindings-07 during week of December 3.
This contingent (somewhat) on completion of items (1)-(6). 
 
(8) In depth reviewers for bindings-07:
Tim Moses: 4.1 Web Browser Profiles
Simon Godik: 3.1 SOAP
Irving Reid: 4.2 SOAP Profile
 
 
(9) Prateek to publish bindings-08 during week of December 17.