Subject: comments: sstc-saml-metadata-ext-query-cd-01
Document identifier: sstc-saml-metadata-ext-query-cd-01

Scott asked me to accumulate all my comments re this document in one place.

Errata:

[line 46] s/SAML V2.0/SAML V2.0 query requesters/

[line 66] s/SAML V2.0 metadata query extension/SAML metadata query extension/

[line 66] The sentence "In schema listings, this is the default namespace and no prefix is shown" contradicts the sentence on line 80. Perhaps the former should be deleted.

[line 69] s/Query Metadata Extensions for SAML V2.0/Query Metadata Extensions/

[line 71] s/,/:/

[line 79] The namespace prefix "query:" seems less descriptive than it could be (maybe even misleading). How about "mdquery:" or "querymd:"?

[lines 116, 138, 160] s/See for/See the SAML V1.x metadata profile [SAML1xMeta] for/

[line 242] s/SAML metadata extension schema/SAML Metadata Extension Schema for Query Requester/

[lines 243--244] s^http://www.oasis-open.org/committees/security/^http://www.oasis-open.org/committees/download.php/18062/sstc-saml-metadata-ext-query.xsd^

[line 247] s^http://www.oasis-open.org/committees/security/^http://www.oasis-open.org/committees/download.php/18048/sstc-saml1x-metadata.xsd^

[lines 256--257] s^http://www.oasis-open.org/committees/download.php/11903/saml-2.0-os-xsd.zip^http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd^

[lines 257--258] s^http://www.w3.org/TR/xmlschema-1/^http://www.w3.org/TR/2001/REC-xmlschema-1-20010502/^

Comments:

[line 10] I was an employee at NCSA at the time this document was written, so this line should read:

  Tom Scavo (firstname.lastname@example.org), NCSA/University of Illinois

[line 66] Suggested modifications to the table between lines 65--66:

  s/assertion namespace [SAML2Core]/assertion namespace defined in the SAML V2.0 core specification [SAML2Core]/
  s/metadata namespace [SAML2Core]/metadata namespace defined in the SAML V2.0 metadata specification [SAML2Meta]/
  s/metadata query extension namespace,/metadata query extension namespace/

[lines 116, 138, 160] These lines refer to the SAML V1.x Metadata Profile, which does not apply, however, since any type derived from md:RoleDescriptorType is undefined. Thus these types are not profiled for use with SAML 1.x metadata. This is a serious omission.

[line 155] Because of the contradiction on lines 66 and 80, the namespace associated with the ActionNamespace element is not immediately evident to the reader. Upon further and careful reading, this becomes clear, but wouldn't it be better to prefix the element name with the "query:" prefix and be explicit about it?

[lines 204--218] The two RequestedAttribute elements in this example denote the same attribute and attribute value (using alternate notation that is irrelevant to this profile). I suggest rewriting the elements as follows:

  <md:RequestedAttribute
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9"
      FriendlyName="eduPersonScopedAffiliation">
  </md:RequestedAttribute>
  <md:RequestedAttribute
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
      FriendlyName="eduPersonEntitlement">
    <saml:AttributeValue xsi:type="xsd:anyURI">
      https://gs.org/gridshib/entitlements/123456789
    </saml:AttributeValue>
  </md:RequestedAttribute>

[line 242] The referenced schema document does not explicitly list an author, so the author listed in the References is apparently in error. Do the schema author(s) mirror the profile author(s) in this case? (N.B. I was the original author of the schema document in question, per Scott's suggestion.)

[line 255] Again, the referenced schema document does not explicitly list an author, so the author listed in the References seems to be in error.