Subject: comments on sstc-saml-core-2.0-draft-06.pdf
Comments below:

John

*******************************

- lots of new terms are defined and used ("session authority, session participant, identity provider" etc etc). For the reader it would be useful to define these terms more clearly - and perhaps up front (or at least refer out to the glossary)
- line 203. bindings and profiles documentation now split
- line 740 SessionIndex. Would like to see this better defined. Why called SessionIndex - would not SessionID be a clearer term?
- line 1095 Consent. To assist in interoperability should this not be defined as boolean?
- 3.2.2.2 Unknownprincipal, InvalidNameIDFormat InvalidConfirmingSubject and unsupported binding status codes missing that are defined later in doc.
- 3.2.2.2 How about some other status codes - including unsupported operation (e.g. particular request protocol not supported)
- line 1368 and 1405 "Rules in Section Response". what does this mean? is a word missing?
- 3.3.4.1 - perhaps re-title as "processing rules" to be consistent with new sections of other protocols
- line 1395 unnecessary 4.2 section marker?
- 3.3.3.4 AuthzDecisionQuery - also include warning re support for authz dec statements - and queries??
- line 1504 - Reqest -> Request
- 3.4 Whilst using the term Replying Party - not using Asserting Party elsewhere in doc. Hence mixing the IdP/SdP Asserting/Relying definition sets. Do we mean to do this?
- line 1510 responder -> identity provider?
- line 1525. to be clear: "issuer" -> "request issuer"
- lines 1536/1537 - not described how this is determined - e.g. Subject in the RequestType?
- lines 1533-1580 - is it allowable to have all of these optional elements/attributes absent?
- 3.4.1. definitions of IDPList IDPEntry RequestChain missing from list of elements/attributes
- 3.7 Font of this section wrong
- 3.7.1 session authority not defined in previous section
- line 1966 "service providers" -> replying parties?
- line 2011 Session Participant Rules on new line as title?
- 3.7.3.1 no text describes processing if a session participant does not get back the LogoutResponse
- 5.4.7 what about 1.1 interoperability
- 5.4.8 Given the implementation difficulty of combining signed assertions inside signed response do we want to a) say anything - and perhaps say not required b) have a simpler example
- 7.1 include a DCE AuthenticationMethod identifier
- 7.3 include Kerberos NameIdentifier
- 7.3 include DCE NameIdentifier