...
- Remove overused instances of "e.g., ... etc"
- “Bulletize” the Architecture section; it's currently too much prose
- Need to address non-web-based applications
- Should we call this out even when there's not a formal SP?
- What language should we use rather than “SP”
- May need to define “SP”, “resource” or “resource provider” for purposes of this discussion
- Possibly use the term “relying party”
- Add better notes about de-anonymization of users
- Specific use case to discuss is how use of a shared proxy can de-anonymize targeted identifiers
- Some discussion about whether this could be considered inappropriate by some IdPs
- Add appendix cross reference mapping issues to sections where discussed in the report
...
- Removed comment about possible confusion of "linking to ext id," vs. "linking to internal id using external credential"