Subject: Comments on core-2.0-cd-01
Section 2.6.4 - Line 973 - The definition for <AuthnContext> should acknowledge that it's (theoretically) more than just the authentication event. -> 'The context used by the identity provider *up to and including* the authentication event .....'
Section 22.214.171.124 (Lines 2340-2344) - The conditions against which assertions are measured to determine if a <LogoutRequest> should be applied omit the fundamental requirement of a match against any of BaseID or NamedID or EncryptedID.
Section 126.96.36.199 - (Lines 2439-2440) - typo, missing 'assertion' from ' If the sender is a session participant to which the session authority provided an containing an authentication statement...'
Section 8.3 - urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted missing from list of valid Format values