> Right. I don't think we can do this and build an interoperable secure > standard. I think that the question about whether an RP that trusts the > IDP should rely on the attribute or not needs to be answered in-band.
But by that measure, LDAP isn't an interoperable secure standard either. -- Scott _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
