Subject: RE: [security-services] Groups - sstc-saml-x509-authn-based-attribute-protocol-profile-2.0-draft-06-diff.pdf uploaded

Sorry these comments are a bit late...

General comment...I'd suggest qualifying the elements in the profile using saml: and samlp: just for clarity.

Lines 44-45: Same as the XPath profile comments, I think based on proposed practice, the URIs should be:

urn:oasis:names:tc:SAML:profiles:query:attributes:X509-basic
urn:oasis:names:tc:SAML:profiles:query:attributes:X509-encrypted

Line 83, I would append "through unspecified means".

Line 108, I would change to: The <AttributeQuery>, <Response>, and <Assertion> MAY be signed using this mode.

Lines 109-111, suggested text: "The service provider and identity provider MAY use metadata in support of this profile for locating endpoints, communicating key information, etc. If SAML 2.0 metadata is used, the <md:AttributeAuthorityDescriptor> element in [SAMLMeta] and the mdext:AttributeRequesterDescriptorType complex type in [SAMLMeta-Ext] SHOULD be used with this profile."

Line 122: should this say "any enclosed <Assertion> elements" instead?

Line 135: the SP has no way to communicate additional conditions in its query, so I would strike that part and just say "MAY be included at the discretion of the identity provider".

Line 151-153: same metadata text as lines 109-111.

Line 200: should this say "any enclosed <Assertion> elements" instead?

Line 218, same comment as line 135.

-- Scott