The initial 0.1 draft of the saml2int profile reformatted for Kantara is here.
Suggested Changes (from older discussions amongst Ian/Scott/Andreas):
- Add to section 3 after line 85:
Any
<md:RequestedAttribute>elements representing attributes to be exchanged using SAML 2.0 MUST have aNameFormatof"urn:oasis:names:tc:SAML:2.0:attrname-format:uri". Additional<md:RequestedAttribute>elements MAY be present if they are to be used in other protocols and include appropriate NameFormat values. The NameFormat attribute MUST NOT be omitted on any such elements.
- Modify section 6.1, lines 147-148:
Identity Providers MAY omit the verification of signatures in conjunction with this binding, and SHOULD NOT impose a requirement for signed requests. Identity Providers MAY support enhanced functionality in the presence of signed requests.