> I want this document to either have a single trust model or to explain > how an RP and intermediate determines the trust model. > I guess that could be SAML layer if there is a good mechanism for that.
There are no standards I'm aware of in any domain for addressing attribute-related trust distinctions. That's left to applications at the moment. > Explain what it would mean to punt on this; I'm confused as to how we > could do that if multiple trust models are in play. It's assumed that deployers are making decisions about how to use attributes based on their OOB information about where they come from and what's been guaranteed about them. That extends to using them as input to other attribute sources. The filtering process, for example, imposes whatever rules might exist about who can assert particular attributes based on the assumptions the application wants to make about them. -- Scott _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
