Subject: comments re draft-sstc-saml2-infocard-01
Document ID: draft-sstc-saml2-infocard-01

Comments:

[lines 186--188] Granted, section 3.4 of [SAML2Core] says that "A SAML authority that supports this protocol is also termed an identity provider" but that doesn't preclude an IdP from supporting other protocols, does it? Where does it say that an IdP is an "entity that issues authentication assertions"? I think that definition is too restrictive. The definition I often give (correct or not) is that an IdP is a producer of assertions. You can fiddle with words a little bit, but I think that's the correct level of generality.

[lines 212--217] This requirement seems to be more trouble than it's worth. Why not just map each and every such claim to a <saml:Attribute> element?

[lines 241--242] If an Address XML attribute is included, what does the RP need to do about it, if anything? More generally, what does the RP need to do to confirm the subject? (This is a glaring omission, I think.)

[lines 243--247] The normative language regarding the Recipient XML attribute amounts to a meaningless requirement. On the one hand, it's a MUST (that depends on a condition no less), but then in the next sentence it's a SHOULD NOT. This paragraph needs to be cleaned up, I think.

[lines 254--256] This is a meaningless requirement since the MUST depends on a condition. I suggest you remove the condition and reformulate the requirement.

[lines 262--265] This paragraph is confusing since the SHOULD and the MUST seem to contradict each other. The condition on the SHOULD doesn't help, either.

[lines 298--299] I don't believe [SAML2Prof] has anything to say about confirmation of subjects, so I believe you need to spell this out.

[lines 306--307] I don't understand this sentence. I guess I don't know what "in the manner described by [ISIP]" means. Is this really a requirement about the use of SAML metadata or is it something else?

Suggested edits:

[line 15, 105, 161, 166, 167, 178, 179, 195, 269, 275, 302] s/SAML 2.0/SAML V2.0/
[line 131] Italicize "Assertions".
[line 181] s/safe,/safe/
[line 188] Expand "IP/STS".
[line 211, 268] s/e.g./e.g.,/
[line 226, 239] s/"Holder of Key"/holder-of-key/
[line 237] s/limit its/limit their/
[line 281, 285] s/i.e./i.e.,/
[line 284] s/RequestSecurityTokenTempplate/RequestSecurityTokenTemplate/
[line 303] s/as a supplement/and as a supplement/
[line 329] s/Acknowledgements/Acknowledgments/

Tom Scavo
NCSA