[mdx] Small change proposed to draft-young-md-query-saml-07

Cantor, Scott cantor.2 at osu.edu
Thu Nov 9 06:42:24 PST 2017


> Claim: There are very few SP deployments using that code, and of those
> few, even fewer have IdP partners that assert SAML V1.1 Type 0x0002
> Artifacts. If there is even one such "perfect storm" deployment, I'd
> be surprised.

I am well aware but it has no bearing on how we maintain our software. If the server is able to handle such odd requests and fail in a normal way, that's good enough for us. All we were trying to do was grant the draft a bit of wiggle room for letting servers that wanted to index on other values do so.

> That is a far-fetched example but even so the MDQ spec is (or should
> be) very clear about what happens in this edge case. (I will followup
> with an outline of server behavior in a subsequent message.)

I don't know that it *can* be, it still exists at a layer that's divorced from the actual management of systems.

> Yes, I understand. As an aside, let me ask: Will the SAML
> implementation profile be amended to address this issue? If every
> implementation supported the SHA-1 hash of the entityID, then the
> deployer would at least have the power to work around an integration
> issue if one arose.

I'm not sure we required artifact support at all, IIRC, but I'll review it. 

-- Scott
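The "perfect storm" in the thread is an SP that receives a SAML V1.1 Type 0x0002 artifact and then has to locate the issuer's metadata through MDQ. The example below, added here and not code from the thread, the Shibboleth project or the MDQ draft, makes the mismatch concrete: it parses the three artifact layouts (SAML V1.1 Type 0x0001, SAML V1.1 Type 0x0002, SAML V2.0 Type 0x0004), builds the MDQ `{sha1}` transformed identifier from an entityID, and shows that a Type 0x0001 or Type 0x0004 artifact already carries the SHA-1 SourceID the `{sha1}` identifier is built from, whereas a Type 0x0002 artifact carries only a source location URL and no SourceID, so there is nothing to hand to an MDQ server unless it indexes on some other value. The entityID, endpoint URL, MDQ base URL and handle bytes are constructed sample values.

```python
import base64
import hashlib
from urllib.parse import quote

# Artifact type codes (first two bytes, big-endian).
SAML11_TYPE1 = 0x0001  # TypeCode(2) + SourceID(20) + AssertionHandle(20)
SAML11_TYPE2 = 0x0002  # TypeCode(2) + AssertionHandle(20) + SourceLocation (UTF-8 URL, variable)
SAML2_TYPE4 = 0x0004   # TypeCode(2) + EndpointIndex(2) + SourceID(20) + MessageHandle(20)


def source_id(entity_id: str) -> bytes:
    """SourceID as used in Type 0x0001/0x0004 artifacts: SHA-1 of the entityID bytes."""
    return hashlib.sha1(entity_id.encode("utf-8")).digest()


def mdq_sha1_identifier(entity_id: str) -> str:
    """MDQ '{sha1}' transformed identifier: the literal '{sha1}' plus lowercase hex SHA-1 of the entityID."""
    return "{sha1}" + source_id(entity_id).hex()


def mdq_request_path(base_url: str, identifier: str) -> str:
    """Path of the MDQ entity request; the identifier is URL-encoded as a single path segment."""
    return base_url.rstrip("/") + "/entities/" + quote(identifier, safe="")


def build_artifact(type_code: int, handle: bytes, *, entity_id: str = "",
                   endpoint_index: int = 0, source_location: str = "") -> str:
    """Encode an artifact of the given type as base64 (constructed test data, IdP side)."""
    if len(handle) != 20:
        raise ValueError("handle must be 20 bytes")
    if type_code == SAML11_TYPE1:
        raw = type_code.to_bytes(2, "big") + source_id(entity_id) + handle
    elif type_code == SAML11_TYPE2:
        raw = type_code.to_bytes(2, "big") + handle + source_location.encode("utf-8")
    elif type_code == SAML2_TYPE4:
        raw = (type_code.to_bytes(2, "big") + endpoint_index.to_bytes(2, "big")
               + source_id(entity_id) + handle)
    else:
        raise ValueError("unsupported artifact type")
    return base64.b64encode(raw).decode("ascii")


def parse_artifact(b64: str) -> dict:
    """Decode an artifact (SP side) and return its fields; rejects malformed lengths."""
    raw = base64.b64decode(b64, validate=True)
    if len(raw) < 2:
        raise ValueError("artifact too short")
    type_code = int.from_bytes(raw[0:2], "big")
    if type_code == SAML11_TYPE1:
        if len(raw) != 42:
            raise ValueError("Type 0x0001 artifact must be 42 bytes")
        return {"type": type_code, "source_id": raw[2:22], "handle": raw[22:42]}
    if type_code == SAML2_TYPE4:
        if len(raw) != 44:
            raise ValueError("Type 0x0004 artifact must be 44 bytes")
        return {"type": type_code, "endpoint_index": int.from_bytes(raw[2:4], "big"),
                "source_id": raw[4:24], "handle": raw[24:44]}
    if type_code == SAML11_TYPE2:
        if len(raw) <= 22:
            raise ValueError("Type 0x0002 artifact needs a source location after the handle")
        return {"type": type_code, "handle": raw[2:22],
                "source_location": raw[22:].decode("utf-8")}
    raise ValueError("unsupported artifact type 0x%04x" % type_code)


def mdq_identifier_for_artifact(art: dict):
    """Identifier an SP can send to MDQ to fetch the issuer's metadata, or None.

    Type 0x0001 and 0x0004 carry the SHA-1 SourceID, which is exactly the
    '{sha1}' identifier (server-side hashing is not needed). Type 0x0002 carries
    only a SourceLocation URL, so no '{sha1}' identifier can be formed from it.
    """
    sid = art.get("source_id")
    return None if sid is None else "{sha1}" + sid.hex()


# Constructed sample values (hypothetical, not from any real deployment).
ENTITY_ID = "https://idp.example.org/idp/shibboleth"
SOURCE_LOCATION = "https://idp.example.org/idp/profile/SAML1/SOAP/ArtifactResolution"
MDQ_BASE = "https://mdq.example.org"
HANDLE = bytes(range(20))


def demo() -> dict:
    """Run the three cases and return what each yields for an MDQ lookup."""
    t1 = parse_artifact(build_artifact(SAML11_TYPE1, HANDLE, entity_id=ENTITY_ID))
    t4 = parse_artifact(build_artifact(SAML2_TYPE4, HANDLE, entity_id=ENTITY_ID, endpoint_index=1))
    t2 = parse_artifact(build_artifact(SAML11_TYPE2, HANDLE, source_location=SOURCE_LOCATION))
    return {
        "type1_identifier": mdq_identifier_for_artifact(t1),
        "type4_identifier": mdq_identifier_for_artifact(t4),
        "type2_identifier": mdq_identifier_for_artifact(t2),   # None: only a URL to index on
        "type2_location": t2["source_location"],
        "expected": mdq_sha1_identifier(ENTITY_ID),
        "request_path": mdq_request_path(MDQ_BASE, mdq_sha1_identifier(ENTITY_ID)),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "=", v)
```

The `{sha1}` value extracted from a Type 0x0001 or 0x0004 artifact equals `mdq_sha1_identifier(entity_id)` computed from the entityID, which is why supporting that identifier in every implementation gives a deployer a fallback. For a Type 0x0002 artifact the only locator is `source_location`, which an MDQ server would have to index on separately; the parser also rejects artifacts of the wrong length rather than guessing, which is the "fail in a normal way" behaviour the message asks for.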
