Skip to Content.
Sympa Menu

shibboleth-dev - comments: draft-mace-shibboleth-arch-protocols-09

Subject: Shibboleth Developers

List archive

comments: draft-mace-shibboleth-arch-protocols-09


Chronological Thread 
  • From: Tom Scavo <>
  • To: Shibboleth Development <>
  • Subject: comments: draft-mace-shibboleth-arch-protocols-09
  • Date: Sat, 2 Apr 2005 16:05:39 -0500
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding; b=Vge20IKKuEKEPSgSIoA4lTNVNDrVQR5aAPWJI6lfp5XRcPOXRstaH3ZnfKGFBBvXh1fvi+rSTpyr7ezCqsF3vButb76xDMF+KuAKhDyA1wNKXTMk6+tVlB++6fLgfm2+2u2UZJoE3RtGg02qQpvku3x7XOaQYBaNtMLOP3xHb3c=
document: draft-mace-shibboleth-arch-protocols-09

[lines 511--512] Replace this sentence with "If the requesting entity
is a service provider, the Resource attribute of the
<samlp:AttributeQuery> element MUST contain the service provider's
unique identifier."

[lines 537--539] Replace this sentence with "If the requesting entity
is a service provider, any assertions returned by the identity
provider SHOULD contain a <saml:AudienceRestrictionCondition> element
containing a <saml:Audience> element whose value is the service
provider's unique identifier."

[line 598] The URI mentioned here should also be mentioned in sections
3.4.5 and 3.4.6 in conjunction with the <md:RequestedAttribute>
element.

Comments/Questions:

- In section 3.2.2, what should be the value of the Resource attribute
if the requesting entity is not a service provider?

- In section 3.2.2, what are the requirements (if any) with respect to
<saml:AttributeDesignator> elements? Is there a specified
relationship between the <saml:AttributeDesignator> elements and any
<md:RequestedAttribute> elements listed in metadata?

- In section 3.2.3, what should be the value of the <saml:Audience>
element if the requesting entity is not a service provider?

Archive powered by MHonArc 2.6.16.

Top of Page