security-services message



Subject: Fwd: comments: draft-sstc-saml-metadata-ext-query-02


[This is a resend; the original is not visible in the archives.]

---------- Forwarded message ----------
From: Tom Scavo <trscavo@gmail.com>
Date: Aug 1, 2006 3:07 PM
Subject: comments: draft-sstc-saml-metadata-ext-query-02
To: oasis sstc <security-services@lists.oasis-open.org>


Document identifier: draft-sstc-saml-metadata-ext-query-02

Previous comments are quoted below for context.  Unquoted comments
refer to the new document above.

On 7/7/06, Tom Scavo <trscavo@gmail.com> wrote:
> Document identifier: sstc-saml-metadata-ext-query-cd-01
>
> [line 66] s/SAML V2.0 metadata query extension/SAML metadata query extension/

[line 68] It's misleading to call this "SAML V2.0 metadata query
extension" since the profile applies to both V1.1 and V2.0 query
requesters.

> [line 66] The sentence "In schema listings, this is the default
> namespace and no prefix is shown" contradicts the sentence on line 80.
>  Perhaps the former should be deleted.

I see what you did to clear this up, and I agree.

> [line 69] s/Query Metadata Extensions for SAML V2.0/Query Metadata Extensions/

[line 71] Again, the phrase "SAML V2.0" is misleading.

> [line 79] The namespace prefix "query:" seems less descriptive than it
> could be (maybe even misleading).  How about "mdquery:" or "querymd:"?

Okay, your choice.

> [lines 243--244]
> s^http://www.oasis-open.org/committees/security/^http://www.oasis-open.org/committees/download.php/18062/sstc-saml-metadata-ext-query.xsd^
>
> [lines 247] s^http://www.oasis-open.org/committees/security/^http://www.oasis-open.org/committees/download.php/18048/sstc-saml1x-metadata.xsd^

Okay, but a link to the SSTC home page does little to help the user
locate the document.

> [lines 257--258]
> s^http://www.w3.org/TR/xmlschema-1/^http://www.w3.org/TR/2001/REC-xmlschema-1-20010502/^

[line 277] s^http://www.w3.org/TR/xmlschema-1/^http://www.w3.org/TR/2001/REC-xmlschema-1-20010502/^

> [line 116, 138, 160] These lines refer to the SAML V1.x Metadata
> Profile, which does not apply, however, since any type derived from
> md:RoleDescriptorType is undefined. Thus these types are not profiled
> for use with SAML 1.x metadata.  This is a serious omission.

After reading the latest version of the SAML V1.x Metadata Profile, I
don't see how this problem has been fixed.

> <md:RequestedAttribute
>   NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
>   Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9">
>   FriendlyName="eduPersonScopedAffiliation">
> </md:RequestedAttribute>

[lines 215--219] I'm sorry, I introduced an error into the above
example.  Can you delete the extraneous right angle bracket (>)?

Some additional comments:

[line 2, 33, 68, 71] As mentioned above, it's misleading to use the
phrase "SAML V2.0" in this context since the profile applies to both
V1.1 and V2.0 query requesters.

[line 2, 71] s/SAML 2.0/SAML V2.0/

[table on line 68] The sentence "This is the SAML V2.0 metadata
namespace defined in the SAML V2.0 metadata specification
[SAML2Meta]." conflicts with phrases introduced in the latest versions
of other documents.

[line 71] s/SAML 2.0/SAML V2.0/

[line 257] s/SAML Metadata Extension Schema/SAML V2.0 Metadata Extension Schema/

Tom

