Section SDP-SP42 says that an SP's metadata must contain certificate(s) that can be used for signing. But section SDP-MD10 mentions only encryption certificates for SPs. First of all, this is a bit confusing: must an SP's metadata contain a certificate suitable for signing or not? Secondly, if, in fact, an SP's metadata must contain a certificate suitable for signing, why?
Currently, the need for signing to the IdP is conditional based on logout, so you only have to have this if the SP supports logout.
“If logout requests are generated…”
The signing key requirement isn’t a must; it needs to be moved down to “if SP supports logout”.
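The conditional requirement discussed above, as an added example that is not part of the original thread or of the profile's own text: a metadata check that asks for a signing-capable key only when the SP advertises logout. It assumes "supports logout" can be read from the presence of md:SingleLogoutService in the SP's role descriptor; the function names, entity IDs and sample metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

def key_uses(sp):
    """Return the set of key uses covered by an SPSSODescriptor's KeyDescriptors."""
    uses = set()
    for kd in sp.findall("md:KeyDescriptor", NS):
        use = kd.get("use")
        # A KeyDescriptor with no use attribute applies to both purposes.
        uses |= {use} if use else {"signing", "encryption"}
    return uses

def sps_missing_signing_key(metadata_xml):
    """List entityIDs whose SP role advertises logout but has no signing-capable key."""
    # For metadata from an untrusted source, use a hardened XML parser instead.
    root = ET.fromstring(metadata_xml)
    missing = []
    for entity in root.iter("{%s}EntityDescriptor" % MD):
        for sp in entity.findall("md:SPSSODescriptor", NS):
            # Assumption: an SLO endpoint in metadata means the SP supports logout.
            supports_logout = sp.find("md:SingleLogoutService", NS) is not None
            if supports_logout and "signing" not in key_uses(sp):
                missing.append(entity.get("entityID"))
    return missing

PROTO = 'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"'
SLO = ('<md:SingleLogoutService Location="https://sp.example.org/slo" '
       'Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>')
ENC_KEY = '<md:KeyDescriptor use="encryption"><ds:KeyInfo/></md:KeyDescriptor>'
ANY_KEY = '<md:KeyDescriptor><ds:KeyInfo/></md:KeyDescriptor>'

def sp_entity(entity_id, body):
    """Build one constructed EntityDescriptor with a single SP role."""
    return ('<md:EntityDescriptor entityID="%s"><md:SPSSODescriptor %s>%s'
            '</md:SPSSODescriptor></md:EntityDescriptor>' % (entity_id, PROTO, body))

# Constructed sample: A has no logout, B has logout with an encryption-only key,
# C has logout with a key usable for both purposes.
SAMPLE = ('<md:EntitiesDescriptor xmlns:md="%s" '
          'xmlns:ds="http://www.w3.org/2000/09/xmldsig#">' % MD
          + sp_entity("https://sp-a.example.org/sp", ENC_KEY)
          + sp_entity("https://sp-b.example.org/sp", ENC_KEY + SLO)
          + sp_entity("https://sp-c.example.org/sp", ANY_KEY + SLO)
          + '</md:EntitiesDescriptor>')

if __name__ == "__main__":
    print(sps_missing_signing_key(SAMPLE))
```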