RE: [imi] IMI TC Minutes, Oct 15th 2009

["Scott Cantor" <cantor.2@osu.edu>]

I've started working on the profile revisions, and wanted to correct a few
things in the minutes.

> In 2.3.3, why  is the AuthnStatement mandatory, rather than optional?
> 
> AttributeStatement cannot be required, it would require some statement to
> always be present which would be odd

The issue isn't requiring a statement, but requiring an Attribute. An
AttributeStatement has to have >=1 Attribute, so a fixed claim would have to
be assumed.

> SAML protocol always requires  AuthnStatement, so this requirement aligns
> nicely with those existing implementations

It's the SAML Authentication Protocol that always requires an
AuthnStatement. Other SAML protocols have different assumptions (and don't
even involve assertions in some cases).

> Section 2.5 on metadata, Scott has reviewed the WSFed text on metadata and
> believes this is clear enough that no other changes are required

I would phrase this as me having concluded that the existing minimal profile
is sufficient for accomplishing my goal, which is to facilitate adoption of
IMI by SAML implementations, which is somewhat distinct from WS-Fed's
broader goals.

> Should have a new draft before next call

Hopefully I'll manage this, but I probably will not be on the call due to a
conflict. Shouldn't matter since I wasn't able to get a new draft out last
week.

-- Scott