Protecting functions called over the network

Recently I have been learning about certificates in Windows WCF (Windows Communication Foundation).
Some areas I am confused by include:
1. X509 certificates are validated by the service against a "Certificate Revocation List" which can be found "online". How are these lists located? Does the certificate received provide a URL indicating where the revocation list for its issuer can be located?

2. SAML token authenticators generate a claim set from a Security Assertion Markup Language token. Are these claim sets compatible with Windows Principals, or must the token provided by the STS be mapped to Windows roles in some other way?