This design document explains several important features of XSEDE's identity provider services, idp.xsede.org and CILogon. For that reason it is valuable, regardless of whether or not it meets the proposed review criteria. It will be helpful to know what we are doing in practice as we plan related activities, including the ones cited in the design document itself.
This design would be significantly more valuable if we could place it within the context of an overall security risk management plan and any related authorization assurance requirements. I'm not aware that those pieces exist, however. In their absence, I see nothing objectionable about the design described in this document.
Delivery Effort Stage:
Thanks Lee. Agreed.