GitHub source:

Rendered version:

Issue tracking table

| # | Reporter | Issue | Submitter Comments | Response(s) | Disposition |
|---|----------|-------|--------------------|-------------|-------------|
| 1 | Rainer Hörbe | NA | The first paragraph in the introduction should contrast the deployment profile with an implementation profile, and reference the SAML Implementation Profile for Federation Interop for this purpose. The difference between both types of profiles is not widely understood. | (Scott) I think you may be correct about that and that the text is written with a presumption of the verification approach, and if we didn't specify that (and I don't think we did), it's open to methods that wouldn't have the problem we were concerned about. I think it needs work. Good catch. | |
| 2 | Rainer Hörbe | SDP-MD02 | I do not understand the explanation for [SDP-MD02]. If PKI with path validation is being used, there would be no hindrance to roll out new keys, even if metadata and assertions use the same key. I have seen IDPs that publish their own metadata and the well-known location using the same signing key as for assertions. | (Scott) Ouch. Yeah, that's backwards. | |
| 3 | Rainer Hörbe | SDP-SP03 | "This will typically imply that requests do _not_ involve a full-frame redirect ..". In my understanding it is the other way round; in JavaScript terms one has to execute "document.location = url;". Also, what is the approach for single page applications? | | |
| 4 | Rainer Hörbe | SDP-SP23 | I think that the division of IDP-discovery into disco-UI and preference persistence is a significant improvement over the current IDP-Discovery spec, fixing the issue that embedded discovery results are not shared across SPs. See the RA21-proposal: Rumor has it that Leif implemented it in pyFF. | | |



