Subject: RE: [security-services] Proposed erratum resolutions

> 	One concern I have with both the proposed resolutions is 
> the claim that working with persistent identifiers (8.3.8)
> 	"implicitly results in a new identifier being created during
> 	the handling of most requests"

Oops. I screwed up this text. I meant transient, not persistent. Sorry for
any confusion.

> 	The creation of an identifier as a consequence of SAML 
> 2.0 requests is actually a special and somewhat complicated 
> case quite separable from the use of "persistent" as an ID 
> format; I would be concerned about adding text to core that 
> suggests otherwise.

Well, as a separate consideration, it's worth noting that if you don't think
AllowCreate even matters for persistent (it certainly means nothing if you
don't create on the fly), it's hard to see where it ever would.

-- Scott

