>>>>> "Cantor," == Cantor, Scott E <[email protected]> writes:
>> Explain what it would mean to punt on this; I'm confused as to
>> how we could do that if multiple trust models are in play.
Cantor,> It's assumed that deployers are making decisions about how
Cantor,> to use attributes based on their OOB information about
Cantor,> where they come from and what's been guaranteed about
Cantor,> them. That extends to using them as input to other
Cantor,> attribute sources.
Right. I don't think we can do this and build an interoperable secure
standard. I think that the question about whether an RP that trusts the
IDP should rely on the attribute or not needs to be answered in-band.
--Sam
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
