Feature/is24 signservice scope in request

[martin-lindstrom]

Pull request for #24

[Razumain]

I have requested some changes in my review comments.

[Razumain]

Proposed new text:

An Identity Provider can adapt user interfaces or authentication procedures to different Service Providers either based on static configuration or based on information found in the Service Provider's metadata. It can therefore be useful for the Identity Provider to know which Service Provider that requested the signature which caused the Signature Service to request authentication in order for the Identity Provider to maintain the same user experience and procedures regardless of whether authentication is requested directly by the Service Provider, or by a Signature Service as a result of a Sign Request from the same Service Provider.

It is RECOMMENDED that the <saml2p:Scoping> element containing a <saml2p:RequesterID> element holding the entityID of the Service Provider that generated the sign request, which is associated with this <saml2p:AuthnRequest> message.

<saml2p:Scoping>
   <saml2p:RequesterID>http://www.origsp.com/sp</saml2:RequesterID>
</saml2p:Scoping>

Example when the <saml2p:RequesterID> element is used to inform the Identity Provider about which Service Provider that requested the signature associated with this request for authentication.

[Razumain]

Again, don't refer to the fact that the Service provider authenticated the user. That is not relevant. In fact the SP may not have authenticated the user at all, it may simply have asked the user to select his/her IdP.

Refer to the fact that the SP requested the signature which is the cause of authenticating the user.

[Razumain]

Make the same changes here.