Public Comments

The following documents underwent Public Review between 14 April 2010 and 13 June 2010:

See the OASIS official announcement for details about this Public Review.

The comments received during the Public Review period are itemized below.

SAML V2.0 Identity Assurance Profiles Version 1.0

The following comments were received.

Comment 1

Reference

http://lists.oasis-open.org/archives/security-services-comment/201005/msg00000.html

From
Martin Chapman
Comment
Line 29/30 : change “It relies the features…” to “It relies on the features…”
Disposition
Obviated by subsequent editorial changes.


Comment

Line 33: no namespace. Line number 123 says “defines a restricted version of the AuthnContext schema”. Would it not make sense to put this in its own namespace to avoid confusion with the original? There is usually some mechanism used to be able to identify when a profile is being used.

Comment
Line 207 thru 210: This template has no introduction or description, so I have no idea what it is saying.
Comment
Line 211, section 2.2. There is no normative requirement in this section. Is this intentional?
Comment
Line 340: this is the ONLY normative MUST I see in the whole document (excluding the conformance section). I think there is more going on in this spec than a single MUST, but I can’t figure that out.
Comment
Line 387: conformance. I would like to see references back to the relevant sections in 2 and 3 somewhere in 4.1/4.2 as it's not explicitly clear what is in this profile.
Disposition
The section describing the use of context classes has been recast as a non-normative set of guidelines and examples, rather than a formal profile. As such, no namespace is being defined, and no schema is being proposed other than as example material. The section has been substantially re-edited to reflect this change.


Comment
Line 171: “When these words are not capitalized, they are meant in their natural-language sense.” This is in violation of RFC2119. Use other words in non-normative text.
Disposition
No such restriction was found in RFC 2119, so this change was not made.


Comment
Line 389: implementations of what? Please clarify.
Disposition
The conformance language has been revised to reflect the fact that only metadata publishers and consumers are obligated by the normative content of this profile.


Comment
There needs to be some more tying together of sections 2, 3 and 4 so it is obvious that they are defining something that is a coherent profile.
Disposition
The introductory text and abstracts have been revised to address this concern.

PublicComments20100414-20100613 (last edited 2010-07-13 20:22:23 by cantor.2)