[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] PE2 and <ArtifactResolutionService>
> The text in SAMLProf at para (Line 639), however, is just > another bare statement in the conjunction set that is the > specification ... unlike all the other appearances of Metadata > uses, including in the numbered Metadata sections, each > use/para of which is couched in a bed of SHOULD/MAY > conditionals and non-normative text. You're right, when you mentioned PE2, I was confusing this text with my suggested addition to bindings. This statement is a little strong and probably should have been qualified. > Perhaps that "if you do use it" text you mention should be > added there (e.g. if the artifact issuer does use metadata > as specified in [SAMLMeta])? Yes. > What do you think, as well, of adding in SAMLMeta text some > text about this in SSODescriptorType, for any entity delivering > requests or responses using HTTP Artifact ... in parallel to > the way SingleSignOnService is couched, wrt to any SAML authority > that supports the Authentication Request protocol (aka IDP)? Probably. As the errata noted, this could go on essentially endlessly where metadata is concerned, and I don't think anybody is supplying the cycles to do this work right now, but volunteers are welcome. Adding a ton of clarifications though is really more than errata and could be addressed for now as implementation guidelines, something else that needs volunteers. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]