[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Comments on core-2.0-cd-01
Section 2.6.4 - Line 973 - The definition for <AuthnContext> should acknowledge that its (theoretically) more than just the authentication event. -> 'The context used by the identity provider *up to and including* the authentication event .....'
Section 220.127.116.11 (Lines 2340-2344) - The conditions against which assertions are measured to determine if a <LogoutRequest> should be applied to omits the fundamental requirement of a match against any of BaseID or NamedID or EncryptedID.
Section 18.104.22.168 - (Lines 2439-2440) - typo, missing 'assertion' from ' If the sender is a session participant to which the session authority provided an containing an authentication statement...'
Section 8.3 - urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted missing from list of valid Format values