security-services message

Subject: List of core-06 changes

There was some concern expressed on the focus call about the lack of
explicit notice of some of the proposals and solutions being added to core
without separate documentation.

It's mostly a question of expedience and style (I prefer to write something
up in relatively complete prose and have a chance to address some of the
ripples when I write it). I also proof the spec this way because I re-read
it over and over as I add things and catch little mistakes.

But so there's no confusion, here are the things John K and I added to the
last draft:

- added an AssertionURIReference element and placed it into the schema
alongside AssertionIDReference in places like Advice and Evidence

- took John Hughes' suggestion and proposed moving Signature in Assertion to
match its relative location in the Request and Response types

- removed my own proposed NotBefore/After attributes to
BaseNameIdentifierType to address the fact that they don't work as intended,
as Hal pointed out

- added a drafty AuthnRequest/Response protocol with some early work on
processing rules, some of which was discussed on the call

- added a ProxyRestrictionCondition to suggest a general approach to
constraining "secondary use" of assertions to issue other assertions, needs
discussion, might be eliminated or turned into something else

- clarified language around use of Name Registration protocol to emphasize
that it's only needed with federated identifiers

- added FederationTerminationRequest/Response that informs providers when a
federated identifier is being discontinued

- added LogoutRequest/Response protocol (John added this) and some related
changes like adding a SessionIndex to all statements

-- Scott

