  • Modify section 6.1, lines 147-148:

    Identity Providers MAY omit the verification of signatures in conjunction with this binding, and SHOULD NOT impose a requirement for signed requests. Identity Providers MAY support enhanced functionality in the presence of signed requests.

  • In section 2, the first three syntax examples use placeholder names while the last one uses a real element name. These should be made consistent. If we use the placeholder names, prefer ProtocolElement rather than Protocolelement.
  • Line 70, s/its entity/their entities
  • Line 73, s/its metadata/their metadata
  • Lines 91-93: no consensus yet on what to say here, but there are interop issues associated with not offering encryption keys even when TLS isn't used. This is one of the spots to revisit in light of recent events.
  • In section 6.1, line 150, several of us felt TLS should be a MUST for the IdP. Andreas hadn't responded on that question.
  • In section 7.2, lines 197-198, reword as "MAY contain one <saml2:AttributeStatement> element".