Shibboleth Developers

[Ian Young <>]

 wrote:

> Please submit any comments by Sept 9, 2005.

Line 254, "rely" probably should be "relying".

Line 173 and line line 238 say that use of an "https" URL as a 
providerId "may be advantageous for metadata publication" but don't call 
out the reason.  I'm assuming that the reason that would be the case (as 
opposed to just using "http" URLs) is that it allows for the relying 
party to be identified and different metadata to be returned for 
different relying parties (round line 655).  If so, it might be worth 
saying this explicitly somewhere.

Section 3.3, and line 715 et seq: although there is a recommendation 
that transient identifiers generated by IdPs are not reused, there isn't 
as far as I can tell any statement either way as to whether a transient 
identifier can only be used by the SP to which it is issued.  Does 
anyone care?

        -- Ian