Attached is a comprehensive set of comments re the OGF document "Use of SAML to retrieve Authorization Credentials" currently under Public Review. The attached document "Comments_OGF_SAMLAttributeExchange.pdf" contains all the issues I've raised previously plus one new issue (Issue 2b). The attached document "Attribute PullProfilev1.4-trs.doc" is a marked up copy of the source document under Public Review (included here for the first time).

Overall, the document under Public Review, and the OASIS specification on which it depends, need a lot of work. I'm sorry I didn't realize this earlier, but as I've said, it couldn't be helped.

Much has happened since the last version of "Use of SAML to retrieve Authorization Credentials" was published last March. Related to this, the OASIS "SAML V2.0 Holder-of-Key Assertion Profile" is progressing through committee at this time. Another document "SAML V2.0 Holder-of-Key Assertion Request Profile" has been drafted, but has not yet been submitted to the OASIS SSTC. With these two documents in hand, a new "SAML V2.0 Attribute Self-Query Profile" will be written, which the SSTC has agreed (in principle) to consider in due time:

http://wiki.oasis-open.org/security/CfPi2008

I can't predict with any accuracy how long it will take these documents to wind their way through the OASIS process, but it could be some number of months before the specs stabilize.

Tom Scavo
NCSA