Version 4

The initial 0.1 draft of the saml2int profile reformatted for Kantara is here.

Suggested Changes (from older discussions amongst Ian/Scott/Andreas):

  • Add to section 3 after line 85:

    Any <md:RequestedAttribute> elements representing attributes to be exchanged using SAML 2.0 MUST have a NameFormat of "urn:oasis:names:tc:SAML:2.0:attrname-format:uri". Additional <md:RequestedAttribute> elements MAY be present if they are to be used in other protocols and include appropriate NameFormat values. The NameFormat attribute MUST NOT be omitted on any such elements.

  • Modify section 6.1, lines 147-148:

    Identity Providers MAY omit the verification of signatures in conjunction with this binding, and SHOULD NOT impose a requirement for signed requests. Identity Providers MAY support enhanced functionality in the presence of signed requests.

  • In section 2, the first three syntax examples use placeholder names while the last one uses a real element name. Should be made consistent. If we use the placeholder names, prefer ProtocolElement rather than Protocolelement.
  • Line 70, s/its entity/their entities
  • Line 73, s/its metadata/their metadata
  • Lines 91-93: no consensus yet on what to say here, but there are interop issues associated with not offering encryption keys even when TLS isn't used. This is one of the spots to revisit in light of recent events.
  • In section 6.1, line 150, several of us felt TLS should be a MUST for the IdP. Andreas hadn't responded on that question.
  • In section 7.2, lines 197-198, reword as "MAY contain one <saml2:AttributeStatement> element".
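As an added example (not part of this wiki page or the saml2int draft), here is a small Python check for the proposed section 3 rule: it walks the <md:RequestedAttribute> elements of an SP's metadata and reports any that omit NameFormat (an error under the proposed text) or use a value other than the uri format (acceptable only if the attribute is meant for another protocol). The metadata document is constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

# Constructed sample SP metadata (placeholder entityID, not a real deployment).
SAMPLE_METADATA = """
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/placeholder">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AttributeConsumingService index="0">
      <md:ServiceName xml:lang="en">Example SP</md:ServiceName>
      <md:RequestedAttribute Name="urn:oid:0.9.2342.19200300.100.1.3"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"/>
      <md:RequestedAttribute Name="mail"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"/>
      <md:RequestedAttribute Name="urn:oid:2.5.4.42"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def check_requested_attributes(metadata_xml):
    """Return a list of (attribute_name, finding) tuples in document order.

    'error'   : NameFormat is missing, which the proposed text forbids.
    'warning' : NameFormat is present but is not the uri format; this is only
                acceptable if the attribute is intended for a non-SAML protocol.
    """
    root = ET.fromstring(metadata_xml)
    findings = []
    for ra in root.iter("{%s}RequestedAttribute" % MD_NS):
        name = ra.get("Name", "<unnamed>")
        fmt = ra.get("NameFormat")
        if fmt is None:
            findings.append((name, "error"))
        elif fmt != URI_FORMAT:
            findings.append((name, "warning"))
    return findings


if __name__ == "__main__":
    for name, level in check_requested_attributes(SAMPLE_METADATA):
        print("%s: %s" % (level.upper(), name))
```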