
Hi All,

Please find my comments on the SAML AuthZ Service Document below:

1. 5.1 Element <ExtendedAuthorizationDecisionQuery> Request Signed Element
   - How should the client behave if it gets an unsigned response although it has requested a signed one?
   - Does a client have a free choice for the behavior? i.e. a client may ignore the response if it isn't signed even if it has requested a signed response.

2. 6.1.1 NameIdentifier Element
   - Is the NameQualifier element open for use by applications? IMO, it is good to make it open for application usage.

3. 6.1.2 SubjectConfirmation Element
   - Is the confirmationMethod still set to http://www.gridforum.org/ogsa-authz/saml/2004/01/am/gsi even if the subject confirmation method contains an X509 Id cert?
   - How should a responder (authz svc) behave if the data of a subject is supplied in the SubjectConfirmation Element? Is it required to validate the data?

4. 6.1.4 Action Elements
   - I think it would be better to define the string representation more specifically. The QName of the operation would be better.

Hope it isn't late,
Takuya Mori

----
Takuya Mori