GitHub source: https://github.com/KantaraInitiative/SAMLprofiles/tree/master/edit/saml2int
Rendered version: https://kantarainitiative.github.io/SAMLprofiles/saml2int.html
Issue tracking table
No. | Reporter | Issue | Submitter Comments | Response(s) | Disposition
---|---|---|---|---|---|
1 | Rainer Hoerbe | NA | The first paragraph in the introduction should contrast the deployment profile with an implementation profile, and reference the SAML Implementation Profile for Federation Interop for this purpose. The difference between both types of profiles is not widely understood. | | |
2 | Rainer Hoerbe | SDP-MD02 | I do not understand the explanation for [SDP-MD02]. If PKI with path validation is being used, there would be no hindrance to roll out new keys, even if metadata and assertions use the same key. I have seen IDPs that publish their own metadata and the well-known location using the same signing key as for assertions. | (Scott) I think you may be correct about that and that the text is written with a presumption of the verification approach, and if we didn't specify that (and I don't think we did), it's open to methods that wouldn't have the problem we were concerned about. I think it needs work. Good catch. | |
3 | Rainer Hoerbe | SDP-SP03 | "This will typically imply that requests do _not_ involve a full-frame redirect ...". In my understanding it is the other way round; in JavaScript terms one has to execute "document.location = url;" Also, what is the approach for single page applications? | (Scott) Ouch. Yeah, that's backwards. (re: SPA): Generally AJAX use has to be governed by more intelligent server side signaling and code able to detect a loss of session without being inadvertently thrown into a SSO loop, and that's not even just due to framing but simply the lack of a UI to handle the redirect when it happens at the wrong time. | |
4 | Rainer Hoerbe | SDP-SP23 | I think that the division of IDP-discovery into disco-UI and preference persistence is a significant improvement over the current IDP-Discovery spec, fixing the issue that embedded discovery results are not shared across SPs. See the RA21-proposal: https://groups.niso.org/apps/group_public/download.php/21376/NISO_RP-27-2019_RA21_Identity_Discovery_and_Persistence-public_comment.pdf. Rumor has it that Leif implemented it in pyFF. | The discovery spec that's referencing never addressed UI or persistence, it's an interop protocol only, to enable a discovery solution to be injected into the flow, whatever solution it might be. | |