Comment: Reverted from v. 2

GitHub source: https://github.com/KantaraInitiative/SAMLprofiles/tree/master/edit/saml2int

Rendered version: https://kantarainitiative.github.io/SAMLprofiles/saml2int.html


Issue tracking table


Columns: Reporter | Issue | Submitter Comments | Response(s) | Disposition (the Disposition column is empty for every entry in this version)
1. Reporter: Rainer Hörbe
   Issue: NA
   Submitter comments: The first paragraph in the introduction should contrast the deployment profile with an implementation profile, and reference the SAML Implementation Profile for Federation Interop for this purpose. The difference between both types of profiles is not widely understood.
   Response(s):

2. Reporter: Rainer Hörbe
   Issue: SDP-MD02
   Submitter comments: I do not understand the explanation for [SDP-MD02]. If PKI with path validation is being used, there would be no hindrance to roll out new keys, even if metadata and assertions use the same key. I have seen IDPs that publish their own metadata at the well-known location using the same signing key as for assertions.
   Response(s): (Scott) I think you may be correct about that and that the text is written with a presumption of the verification approach, and if we didn't specify that (and I don't think we did), it's open to methods that wouldn't have the problem we were concerned about. I think it needs work. Good catch.


3. Reporter: Rainer Hörbe
   Issue: SDP-SP03
   Submitter comments: "This will typically imply that requests do _not_ involve a full-frame redirect ...". In my understanding it is the other way round; in Javascript terms one has to execute "document.location = url;". Also, what is the approach for single page applications?
   Response(s): (Scott) Ouch. Yeah, that's backwards. (re: SPA): Generally AJAX use has to be governed by more intelligent server side signaling and code able to detect a loss of session without being inadvertently thrown into an SSO loop, and that's not even just due to framing but simply the lack of a UI to handle the redirect when it happens at the wrong time.
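The SPA point in entry 3 (server-side signaling plus client code that detects a lost session and performs the full-frame redirect itself, with a guard against an SSO loop) is easier to see in code. The block below is an added example, not code from the saml2int profile or from either commenter. It assumes a hypothetical SP login endpoint `LOGIN_URL`, a heuristic for telling programmatic (XHR/fetch) calls from top-level navigations based on the `Sec-Fetch-Mode`, `X-Requested-With` and `Accept` request headers, and a Map-like `storage` object standing in for `sessionStorage` so the logic runs outside a browser. The request and response objects are constructed plain objects, not a real HTTP framework's.

```javascript
// Added example: SSO-aware session-loss handling for a single page application.
// Why: if the SP answers an XHR/fetch call with a 302 to the IdP, the browser
// follows it silently, the script receives the IdP's HTML instead of JSON, no
// login UI is ever shown, and retries can spin into an SSO loop. The SP should
// instead tell programmatic callers that the session is gone, and the client
// should perform the full-frame navigation (document.location = url) itself.

const LOGIN_URL = "https://sp.example.org/saml/login"; // hypothetical SP endpoint
const MAX_LOGIN_ATTEMPTS = 1; // loop guard: one automatic redirect per lost session

// Server side (constructed request object: { url, headers }).
// Returns a response descriptor { status, headers, body } for a request whose
// session has expired. Programmatic callers get a 401 with a JSON signal;
// top-level navigations can be redirected straight into the SSO flow.
function respondToExpiredSession(req) {
  const h = req.headers || {};
  const isProgrammatic =
    h["sec-fetch-mode"] === "cors" ||
    h["x-requested-with"] === "XMLHttpRequest" ||
    (h["accept"] || "").includes("application/json");

  if (isProgrammatic) {
    return {
      status: 401,
      headers: { "content-type": "application/json" },
      body: JSON.stringify({ error: "session_expired", loginUrl: LOGIN_URL }),
    };
  }
  return {
    status: 302,
    headers: { location: `${LOGIN_URL}?target=${encodeURIComponent(req.url)}` },
    body: "",
  };
}

// Client side. `res` is { status, body } with the body already read as text,
// `navigate` is the full-frame redirect (document.location = url in a browser),
// and `storage` is Map-like (get/set/delete/has), e.g. an adapter over
// sessionStorage. Returns what was decided so callers (and tests) can check it.
function handleSessionSignal(url, res, { navigate, storage }) {
  if (res.status !== 401) {
    storage.delete("loginAttempts"); // healthy response: reset the loop guard
    return "ok";
  }
  let signal;
  try {
    signal = JSON.parse(res.body);
  } catch (_) {
    return "unauthorized"; // a 401 without our JSON signal: not a session-loss case
  }
  if (signal.error !== "session_expired") return "unauthorized";

  const attempts = Number(storage.get("loginAttempts") || 0);
  if (attempts >= MAX_LOGIN_ATTEMPTS) {
    return "loop-detected"; // we already sent the user to login once; stop here
  }
  storage.set("loginAttempts", String(attempts + 1));
  navigate(`${signal.loginUrl}?target=${encodeURIComponent(url)}`);
  return "redirecting";
}

// Browser-side fetch wrapper tying the two halves together. redirect: "error"
// makes fetch reject instead of silently following a 302 into the IdP.
async function apiFetch(url, init, deps) {
  const headers = { ...((init && init.headers) || {}), accept: "application/json" };
  const res = await deps.fetchImpl(url, { ...init, headers, redirect: "error" });
  const body = await res.text();
  const decision = handleSessionSignal(url, { status: res.status, body }, deps);
  return { decision, status: res.status, body };
}
```

The `redirect: "error"` option is a standard Fetch API setting; it is a belt-and-braces measure so that an SP endpoint that still answers with a 302 produces a visible failure rather than an unexplained HTML payload. The loop guard is deliberately conservative: after one automatic redirect the client surfaces the problem instead of trying again.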
4. Reporter: Rainer Hörbe
   Issue: SDP-SP23
   Submitter comments: I think that the division of IDP-discovery into disco-UI and preference persistence is a significant improvement over the current IDP-Discovery spec, fixing the issue that embedded discovery results are not shared across SPs. See the RA21 proposal: https://groups.niso.org/apps/group_public/download.php/21376/NISO_RP-27-2019_RA21_Identity_Discovery_and_Persistence-public_comment.pdf. Rumor has it that Leif implemented it in pyFF.
   Response(s): The discovery spec that's referencing never addressed UI or persistence, it's an interop protocol only, to enable a discovery solution to be injected into the flow, whatever solution it might be.