Subject: Re: [saml-dev] MNI and SLO

Hideki YOKOTA wrote:
> but I'm not sure of the intent of "[E55]using the *primary* identifier."
> at line 2626.

All of the language in the errata is trying to say that the only 
identifier affected by any of the processing is the exact value that was 
used by the IdP in that exchange. The IdP and SP don't have to deal with 
the fact that the same principal could have multiple shared NameIDs 
between the two parties. You don't have to ripple the changes across all 
possible names for a principal.

> For example, SPProvidedID is "abc" currently, then SP requests MNI
> with "xyz" in <NewID>.
> After that, if IdP wants to request SLO, which id should be used in
> SLO? "abc" or "xyz"?

In the SPProvidedID, it uses xyz, but the NameID itself is whatever it 
originally was. None of that pertains to the errata, really, that's just 
standard processing.

-- Scott
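
Added example, not part of the original message and not code from any SAML implementation: the IdP-side bookkeeping the reply describes, where an SP-originated <NewID> changes only the SPProvidedID of the one NameID named in the request, and a later LogoutRequest carries the unchanged NameID value with the new SPProvidedID. The store layout, the entity ID, the second identifier and the function names are constructed assumptions; only "abc" and "xyz" come from the thread.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}

# Constructed IdP-side store: (SP entityID, NameID value) -> state.
# The same principal has two NameIDs shared with one SP.
def new_store():
    sp = "https://sp.example.org"
    return {(sp, "idp-7f3a"): {"principal": "alice", "sp_provided_id": "abc"},
            (sp, "idp-c901"): {"principal": "alice", "sp_provided_id": "def"}}

# Constructed ManageNameIDRequest from the SP. Signature checking is out of
# scope here; real input must be verified and parsed with a hardened parser.
MNI_REQUEST = """<samlp:ManageNameIDRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_c1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://sp.example.org</saml:Issuer>
  <saml:NameID SPProvidedID="abc">idp-7f3a</saml:NameID>
  <samlp:NewID>xyz</samlp:NewID>
</samlp:ManageNameIDRequest>"""

def apply_sp_mni(store, request_xml):
    """Apply an SP-originated NewID to the one identifier named in the request."""
    root = ET.fromstring(request_xml)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    name_id = root.findtext("saml:NameID", namespaces=NS)
    new_id = root.findtext("samlp:NewID", namespaces=NS)
    if not (issuer and name_id and new_id):
        raise ValueError("request lacks Issuer, NameID or NewID")
    key = (issuer.strip(), name_id.strip())
    if key not in store:
        raise KeyError("no such NameID shared with this SP")
    # Only this record changes; other NameIDs for the principal are untouched.
    store[key]["sp_provided_id"] = new_id.strip()
    return key

def logout_name_id(store, key):
    """NameID element the IdP puts in a later LogoutRequest to that SP."""
    el = ET.Element("{%s}NameID" % NS["saml"])
    el.text = key[1]  # NameID value is whatever it originally was
    el.set("SPProvidedID", store[key]["sp_provided_id"])
    return el

if __name__ == "__main__":
    store = new_store()
    key = apply_sp_mni(store, MNI_REQUEST)
    print(ET.tostring(logout_name_id(store, key), encoding="unicode"))
```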

