Re: Off-topic: Re: Comments on Auth 2.0 - Pre-Draft 11

As a general point and FWIW, capitalized (RFC 2119) uses of MUST, SHOULD, etc. are meant to make it easy to form testable assertions for compliance-checking. It's best to avoid redundant normative spec content, though sometimes repetition or restatement in the right places can reinforce a

Re: OpenID Signed Assertions 1.0 - Draft 1

Hi folks-- There certainly seems to be some convergentness in the air here! Below is a very quick analysis/comparison of the two docs. Hopefully some of us can discuss in detail in person this week... I'm intrigued by the use in Dick's profile of ...:entity as the NameID Format for OpenID

Re: IdP vs OP (WAS: RE: Editors Conference Call)

Just to be clear, identity provider in SAML isn't intended to mean that this system entity is providing an identity to a digital subject -- it means that this system entity is providing identity information (specifically verification/authentication info) to a relying party/service provider.