Where is Source ID for Artifact source?
Per Liberty specifications, the source ID is a SHA-1 hash of the provider ID, which is a required attribute of the source

Where is the designation for Issuer?
The issuer of a SAML assertion MUST have the same value of the provider ID.

Why would a destination (Service Provider) that supports both browser profiles have to provide two descriptors?
This is required to avoid designating a new element "ArtifactReceiverURL". I.e., we have overloaded AssertionConsumerURL for both browser profiles.

Where is the designation for NameIdentifierFormat?
It is not explicitly designated. It can be specified in the catch-all "Extension" element.

What happened to the various trust models?
In the interest of time I have not specified trust models. Given the practical experience with two interops, it appears that exchanging SSL certificates (both client and server) is the de facto trust model.

Thanks,
Jahan
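
Added example (not part of the original message or of any specification text): a receiver-side check that maps an artifact's source ID back to a provider ID from metadata, then compares the assertion issuer against that provider ID, as the first two answers describe. It assumes the SAML 1.x artifact layout (2-byte type code, 20-byte source ID, 20-byte assertion handle); the provider IDs, function names and sample artifact are constructed for illustration.

```python
import base64
import hashlib
import hmac

SOURCE_ID_LEN = 20  # size of a SHA-1 digest
HANDLE_LEN = 20     # assertion handle size (assumed SAML 1.x artifact layout)


def source_id(provider_id: str) -> bytes:
    """Source ID as described above: SHA-1 hash of the provider ID."""
    return hashlib.sha1(provider_id.encode("utf-8")).digest()


def build_artifact(type_code: bytes, provider_id: str, handle: bytes) -> str:
    """Assemble base64(type code + source ID + handle); used for the sample."""
    if len(type_code) != 2 or len(handle) != HANDLE_LEN:
        raise ValueError("bad type code or handle length")
    raw = type_code + source_id(provider_id) + handle
    return base64.b64encode(raw).decode("ascii")


def resolve_source(artifact_b64: str, known_provider_ids):
    """Return the known provider ID whose SHA-1 matches the artifact's
    source ID, or None when the artifact comes from an unknown source."""
    raw = base64.b64decode(artifact_b64, validate=True)
    if len(raw) != 2 + SOURCE_ID_LEN + HANDLE_LEN:
        raise ValueError("unexpected artifact length")
    sid = raw[2:2 + SOURCE_ID_LEN]
    for pid in known_provider_ids:
        if hmac.compare_digest(sid, source_id(pid)):
            return pid
    return None


def issuer_matches(assertion_issuer: str, provider_id: str) -> bool:
    """The issuer of the returned assertion must equal the provider ID."""
    return assertion_issuer == provider_id


# Constructed sample data: provider IDs as they would appear in metadata.
KNOWN = ["https://idp.example.org/", "https://idp2.example.net/"]
SAMPLE = build_artifact(b"\x00\x01", KNOWN[1], bytes(range(HANDLE_LEN)))

if __name__ == "__main__":
    pid = resolve_source(SAMPLE, KNOWN)
    print("artifact source:", pid)
    print("issuer accepted:", issuer_matches("https://idp2.example.net/", pid))
```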