All,
I just posted an updated SAML profile with all the fixes to the SAML
profile we have discussed recently.
One thing worth noting is that when we discussed the issue of policy
references and supplied policies, we were only considering the case when
policies are provided with an Authz Query. But there is also the issue
of policy references in the policies in an XACML policy assertion in
general.
I think that it really depends on what the policy assertion is used for
how one wants to resolve policy references. So I have added this to the
policy assertion section:
--8<--
5.7 Policy references and Policy assertions
It may be noted that in relation to a policy assertion, there are three
broad classes of policies to consider when resolving policy references:
the top level policy in the policy assertion, the policies in the