From 0a324fd80a9a4e0108f8266946682f52151ad795 Mon Sep 17 00:00:00 2001
From: Johnny Shields <27655+johnnyshields@users.noreply.github.com>
Date: Wed, 15 Jan 2025 16:25:39 +0900
Subject: [PATCH] Update README.md

---
 README.md | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index b1cbefae..26207d2a 100644
--- a/README.md
+++ b/README.md
@@ -963,12 +963,21 @@ end
 
 The `attribute_value` option additionally accepts an array of possible values.
 
-## SP Request UUIDs
+## SP-Originated Message IDs
 
 By default, Ruby SAML will generate UUIDs for SP requests prefixed with the `_` character,
 for example `"_ea8b5fdf-0a71-4bef-9f87-5406ee746f5b"`. To override this behavior,
 you may set `settings.sp_uuid_prefix` to a string of your choice, or `false` to use no prefix.
 
+## SP-Originated Message IDs
+
+Ruby SAML automatically generates message IDs for SP-originated messages (AuthNRequest, etc.)
+By default, this is a UUID prefixed by the `_` character, for example `"_ea8b5fdf-0a71-4bef-9f87-5406ee746f5b"`. 
+To override this behavior, you may set `settings.sp_uuid_prefix` to a string of your choice.
+Note that the SAML specification requires that this type (`xsd:ID`) be an
+[NCName](https://www.w3.org/TR/xmlschema-2/#NCName), meaning that it must start with a letter
+or underscore, and can only contain letters, digits, underscores, hyphens, and periods.
+
 ## Custom Metadata Fields
 
 Some IdPs may require to add SPs to add additional fields (Organization, ContactPerson, etc.)