> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf
> Of Josh Howlett


> >11.  In section 7.4.2 - I have a problem with the last bullet point.  I
> >would be happier if the text looked more like:
> >
> >Other conditions MAY be included as requested by the Relying Party or
> >at the discretion of the Identity Provider.  The Identity Provider is
> >not obligated to honor the requested set of conditions in the
> ><samlp:AuthnRequest>, if any.  If the Identity Provider does not honor
> >the requested set of conditions it MUST either not return a
> ><samlp:Response> message or return a <samlp:Response> message with an
> >error.
> 
> The conditions included by the RP in the request are (SAMLCore section
> 3.4.1) "intended as input to the process of constructing the assertion, rather
> than as conditions on the use of the request itself". An assertion that includes
> these conditions can always be discarded by the RP, so I am unclear what
> value the new sentence adds?
> 

To me the current text says the following.  The RP says please do this.  The IdP
does not do this.  The IdP returns an assertion.

How does the RP know that the IdP did not do this?  The new sentence says:
if the IdP is not going to do this - error.

Jim
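
The RP-side check this exchange turns on, as an added example that is not part of the original messages: it compares the `<saml:Conditions>` children the RP placed in its `<samlp:AuthnRequest>` with those in the returned assertion. The sample messages are constructed, the function names are hypothetical, and signature validation of the response is assumed to have been done already.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
_HDR = ('xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"')
_AUD = ("<saml:AudienceRestriction><saml:Audience>https://rp.example/"
        "</saml:Audience></saml:AudienceRestriction>")

# Constructed sample messages (not taken from the thread or any real deployment).
REQUEST = (f"<samlp:AuthnRequest {_HDR}><saml:Conditions>"
           f"<saml:OneTimeUse/>{_AUD}</saml:Conditions></samlp:AuthnRequest>")
RESPONSE_HONORED = (f"<samlp:Response {_HDR}><saml:Assertion><saml:Conditions>"
                    f"{_AUD}<saml:OneTimeUse/></saml:Conditions>"
                    f"</saml:Assertion></samlp:Response>")
RESPONSE_DROPPED = (f"<samlp:Response {_HDR}><saml:Assertion><saml:Conditions>"
                    f"{_AUD}</saml:Conditions></saml:Assertion></samlp:Response>")


def _fingerprint(cond):
    """Reduce one condition element to a comparable (tag, attrs, texts) tuple."""
    texts = tuple(sorted(t for t in ((e.text or "").strip() for e in cond.iter()) if t))
    return (cond.tag, tuple(sorted(cond.attrib.items())), texts)


def _conditions(root, path):
    """Fingerprints of every child of the <saml:Conditions> element at path."""
    node = root.find(path, NS)
    return set() if node is None else {_fingerprint(c) for c in node}


def unhonored_conditions(request_xml, response_xml):
    """Requested conditions that are absent from the returned assertion.

    Only child elements are compared; the NotBefore/NotOnOrAfter attributes
    on <saml:Conditions> itself are outside what this example checks.
    """
    requested = _conditions(ET.fromstring(request_xml), "saml:Conditions")
    returned = _conditions(ET.fromstring(response_xml),
                           "saml:Assertion/saml:Conditions")
    return sorted(requested - returned)


def rp_accepts(request_xml, response_xml):
    """The RP discards the assertion if any requested condition was dropped."""
    return not unhonored_conditions(request_xml, response_xml)
```
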

