
security-services message



Subject: RE: [security-services] Comments: sstc-saml1x-metadata-cd-01


> Comments/Suggestions:
> 
> [line 111] Why is <md:AffiliationDescriptor> precluded?

It has zero meaning in SAML 1.1.

> [lines 117--119] Rewrite this sentence.

Why?

> [lines 165--167] I do not understand this sentence.

Artifacts in SAML 1.x are not indexed by endpoint. All endpoints are assumed
to be equivalent and MUST share state. Therefore, index being a required
schema element deserves a note to the effect that the value means nothing.

> [line 200] The <md:ArtifactResolutionService> endpoint element should
> also be undefined, right?

Yeah, good catch.

> [general] Why is the <md:AssertionIDRequestService> element allowed by
> this specification?  There is no AssertionIDRequest in SAML V1.x.
> There is an AssertionIDReference but there is no corresponding service
> at the IdP.

Sure there is. SAML 1.x supports query by ID. It's buried inside SAMLRequest
as an option, just like Query and AssertionArtifact.

-- Scott
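
The last point in the message above, as an added example that is not part of the original message or of any OASIS document: a SAML 1.x `<samlp:Request>` carries exactly one request type, and `saml:AssertionIDReference` is one of the choices alongside the queries and `samlp:AssertionArtifact`. The function name `classify_request`, the helper `_request`, the sample values, and the pairing of request types with metadata endpoint elements are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:1.0:protocol"
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"

# Request-type children of <samlp:Request> in the SAML 1.1 protocol schema.
# Pairing each with a metadata endpoint element is this example's assumption.
BY_VALUE = {
    f"{{{SAML}}}AssertionIDReference": ("id-reference", "md:AssertionIDRequestService"),
    f"{{{SAMLP}}}AssertionArtifact": ("artifact", "md:ArtifactResolutionService"),
}
QUERIES = {f"{{{SAMLP}}}{n}" for n in (
    "Query", "SubjectQuery", "AuthenticationQuery",
    "AttributeQuery", "AuthorizationDecisionQuery")}

def classify_request(xml_text):
    """Return (kind, endpoint_element_or_None, values) for a SAML 1.x Request."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}Request" or root.get("MajorVersion") != "1":
        raise ValueError("not a SAML 1.x samlp:Request")
    kinds, values = set(), []
    for child in root:  # ds:Signature and samlp:RespondWith are skipped
        if child.tag in BY_VALUE:
            kinds.add(child.tag)
            values.append((child.text or "").strip())
        elif child.tag in QUERIES:
            kinds.add("query")
    if len(kinds) != 1:  # the schema is an xs:choice: exactly one request type
        raise ValueError("Request must carry exactly one request type")
    tag = kinds.pop()
    if tag == "query":
        return ("query", None, [])
    kind, endpoint = BY_VALUE[tag]
    return (kind, endpoint, values)

def _request(body):  # constructed sample wrapper, not captured traffic
    return (f'<samlp:Request xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
            'RequestID="_constructed-req" MajorVersion="1" MinorVersion="1" '
            f'IssueInstant="2005-01-01T00:00:00Z">{body}</samlp:Request>')

BY_ID = _request("<saml:AssertionIDReference>_constructed-id</saml:AssertionIDReference>")
BY_ARTIFACT = _request("<samlp:AssertionArtifact>Y29uc3RydWN0ZWQ=</samlp:AssertionArtifact>")
MIXED = _request("<saml:AssertionIDReference>_a</saml:AssertionIDReference>"
                 "<samlp:AssertionArtifact>Yg==</samlp:AssertionArtifact>")

if __name__ == "__main__":
    for sample in (BY_ID, BY_ARTIFACT):
        print(classify_request(sample))
```

A responder that receives requests from untrusted peers would run a check like this only after signature and schema validation, with an XML parser configured to reject DTDs and entity expansion.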


