Subject: Re: comments: sstc-saml-holder-of-key-browser-sso-draft-02

Nate posed the following questions on the last call:

> Feedback is requested on whether to integrate sections 2.4 and 2.5 of this draft for simplicity, or to leave them separate so that message processing is distinct from messaging.

Well, yes, I suspect section 2 might be better organized. The following comments may suggest an appropriate reorganization:

- Elaborate on the conformance section (1.3). What sections are normative? Specifically, what sections apply to the IdP and what sections apply to the SP?

- The introduction to section 2.4 directs the reader to various subsections depending on the deployment scenario. For this to work, however, the subsections need to be rewritten so that they are independent of one another. In particular, section 2.4.4 must be independent of sections 2.4.1--2.4.3 and section 2.4.5 must be independent of sections 2.4.1--2.4.4. More importantly, the introduction doesn't mention the subsections in section 2.5 at all. Finally, section 2.6 seems out of place and section 2.7 might be taken out of section 2 altogether.

> Widening or narrowing of this profile to encompass or clarify use cases would be considered.

I suggest bringing IdP Discovery within scope of this profile. (See lines 216--218 and 273--277.) The presented X.509 certificate could be profiled to carry the entityID of the user's preferred IdP. Assuming the certificate is self-signed (which is a reasonable assumption unless X.509 authentication is used), it may be constructed to simultaneously preserve privacy and to facilitate discovery. The SP need not be required to support IdP Discovery via X.509, but profiling it here (which is a natural extension of this profile) will promote interoperability for those SPs that do.

> All other review and comment is gratefully accepted!

See the previous messages in this thread for comments.

Tom