[security-services] Approved change: AuthorityBinding element changes

[Scott Cantor <cantor.2@osu.edu>]

The committee approved the following changes to the text and schema for
the AuthorityBinding element (with Eve's suggested edits):

In core-25, section 2.4.3.2, the schema on lines 688-691 should be
replaced with:

<complexType name="AuthorityBindingType">
  <attribute name="AuthorityKind" type="saml:AuthorityKindType"
use="required"/>
  <attribute name="Location" type="anyURI" use="required"/>
  <attribute name="Binding" type="anyURI" use="required"/>
</complexType>

In core-25, replace section 2.4.3.2 with the following text:

The <AuthorityBinding> element may be used to indicate to a relying
party receiving an AuthenticationStatement that a SAML authority may be
available to provide additional information about the subject of the
statement. A single SAML authority may advertise its presence over
multiple protocol bindings, at multiple locations, and as more than one
kind of authority by sending multiple elements as needed.

AuthorityKind [Required]
The type of SAML authority (Authentication, Attribute, or Authorization
Decision) which is being advertised by the element. The kind of
authority corresponds to the derived type of SubjectQuery which the
authority expects to receive (and is likely to be able to successfully
answer) at the location being advertised. For example, a value of
"attribute" means that an AttributeQuery is expected.

Location [Required]
A URI describing how to locate and communicate with the authority, the
exact syntax of which depends on the protocol binding in use. For
example, a binding based on HTTP will be a web URL, while a binding
based on SMTP
might use the "mailto" scheme.

Binding [Required]
A URI identifying the SAML protocol binding to use in communicating with
the authority. All SAML protocol bindings will have an assigned URI.

-- Scott