The TokenIssuerName Element in the federation metadata document overlaps with information in WS-SecurityPolicy (SP) and should be removed. This impacts the definition of TokenIssuerNamesOffered, which references TokenIssuerName. The proposal below covers the update to TokenIssuerNamesOffered.
Proposal:
Update section 3.1.4 IssuerNamesOffered Element as follows.
Change:
To facilitate this, federated metadata provides the <fed:IssuerNamesOffered> element to indicate the logical names associated with an issuer and the <fed:TokenIssuerName> element (described below) to indicate that a Relying Party needs a token from a specific class of issuer.
To:
To facilitate this, federated metadata provides the <fed:IssuerNamesOffered> element to indicate the logical names associated with an issuer and the <sp:TokenIssuerName> element (described in [WS-SecurityPolicy]) to indicate that a Relying Party needs a token from a specific class of issuer.
Change:
That is, when a Relying Party indicates a logical name for a token issuer using the <fed:TokenIssuerName> element this element can be used as a correlation mechanism by clients.
To:
That is, when a Relying Party indicates a logical name for a token issuer using the <sp:TokenIssuerName> element in a token assertion the <fed:IssuerNamesOffered> element can be used as a correlation mechanism by clients.
Remove section 3.1.5 TokenIssuerName.
Remove “This element MAY be specified even if the <fed:TokenIssuerName> element is specified.” from section 3.1.6.