[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Need for more specificity in issuer language
The section on relying parties identifying token issuers
currently says: When identifying a requirement for a specific token issuer,
the relying party SHOULD use the identity provider's unique name (i.e., its
"entityID"). This doesn’t specify which protocol elements are being
referred to. This is the corresponding language I’m using in the
1.1 profile: When identifying a requirement for a specific token issuer,
the Relying Party SHOULD use the Identity Provider's unique name (i.e., its
"entityID") either as the value of the sp:Issuer/wsa:Address
element in its security policy or as the value of the issuer
object tag parameter. I believe that we should use that in the 2.0 profile as
well. --
Mike |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]