[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [security-services] Another attempt at AllowCreate cleanup
A few little comments/suggestion are inline below. Overall, however, I think this text from Scott significantly clarifies things. > -----Original Message----- > Replace definition of AllowCreate, lines 2123-2129: > > "A Boolean value used to indicate whether the requester grants to the > identity provider, in the course of fulfilling the request, permission to > create a new identifier or to associate an existing identifier > representing > the principal with the relying party. Defaults to "false" if not present > or > the entire element is omitted." I don't really like the use of the word 'permission' here. I took a shot at rewording it but I'm not sure it's any better. Here's what I came up with (an alternative replacement for lines 2123-2129 of core): "A Boolean value used by the requester to indicate its desire that, in the course of fulfilling the request, the identity provider be at liberty to create a new identifier or to associate an existing identifier representing the principal with the service provider. Defaults to 'false' if not present or the entire element is omitted." > Replace lines 2475-2479 with: > > --- > > "If the <Terminate> element is included in the request, the requesting > ... Do you mean replace the whole paragraph on lines 2475-2480? > Brian and I both seemed to agree that one mistake we made was not carving > out SP-initiated NIM in conformance. Because that's the most explicit > indication of persistent state maintainence in the spec, so the real > difference between lightweight and basic was probably there. Agreed. --Brian
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]