I've uploaded a new version of the SAML authorization profile (dated today, June 8th, urls below). This version has a number of corrections in that the previous version of the document had contradictions between sections or underspecification in places. I've confirmed with both the major implementors (Globus and PERMIS) that they both have the same interpretations of the ambiquities and captured those in the new document. A complete list of changes is appended. Given the scope of changes, I propose that the group be given until the upcoming GGF to comment. Barring substantial comments at that point I propose the document has past last call and should be advanced. Von Word version (with change tracking): https://forge.gridforum.org/docman2/ViewProperties.php?group_id=119&category_id=450&document_content_id=3917 PDF version: https://forge.gridforum.org/docman2/ViewProperties.php?group_id=119&category_id=450&document_content_id=3918 Changes from January 2005 to current version: * ?should? to ?SHOULD? in 6.1.2 * Removed editor?s comment in 6.1.2 * Updated WSS-X509 reference. * In Appendix B: Added step about properly URI encoding hash per RFC 1630. * Updated acknowledgements. * Numerous minor editorial corrections from Tom Scavo. * Table 1: Corrected namespace prefixes to be lowercase. * Clarified second sentence of the second paragraph of 6.1.4.2. * Section 6.1.5: Changed to reflect renaming of SubjectAttributeReferenceAdvice element. * Table 1: Corrected ogsa-saml namespace to match with what is in 7.3. * Section 7.3: Removed unused xmlns:soap namespace. * Section 7.3: Corrected xmlns:samlp namespace to match what is in Table 1. * Section 11: Removed reference to ?ADF? since it was undefined in this document. * Section 10: Updated David Chadwick?s contact information. * Section 5.1: Added text clarifying what client should do if they receive an unsigned response when a signed response was requested. * Section 6.1.2: Clarified between ConfirmationMethod between when authentication was done with proxy certificates and end entity certs. * Section 6.1.4.1: Added note about moving to qualified name in future version of the document.