RE: [security-services] detailed comments on sec 4.2 Enhanced Client and Proxy (ECP) Profile ofsstc-saml-profiles-2.0-draft-17

["Scott Cantor" <cantor.2@osu.edu>]

> hmmm. maybe in terms of the detailed I should just copy-edit this section
> and put it out for review? Or were u going to go thru it in 
> detail  Scott? My understanding is that you haven't yet done so,  thus the

> present roughness.

Well, I've done several passes, but it's one of the more "mixed" authorship
sections, probably why it's a little schizo. I would just say take an
editing pass if you're willing.

> 1. We should re-number the steps in the profile since there are steps --
> such as the IDP or ECP or SP doing something -- that are called 
> out in the revised diagram (see the first figure in the 
> sstc-saml-profiles-2.0-figures-02.pdf 
> file, which I just filed in Kavi [1]).

Yes, I think John H. suggested this, I was going to take a stab at it.

> 2. having the rather long and detailed subsections describing header block

> composition interspersed amongst the descriptions of the protocol steps is

> suboptimal (to me) -- it interferes with understanding the profile's
> stepwise flow. I suggest having a subsection with the protocol step 
> definitions (as sub-sub-sections) and then having another subsection 
> describing the header blocks, and xref from the former into the latter as
> necessary.

Agreed, and this is more consistent with the other profiles.

-- Scott