BTW, I don't want to make it sound like the standard attitude in an SP is "I have no idea if the IdP is actually right about this information". Obviously that's nonsensical. Just the opposite, people writing apps assume that if the IdP is "trusted", it's trusted to say what it's saying, and you (hopefully) have filters at your disposal to implement exceptions to that. Implementations without such filtering support obviously are leaving that problem to the app.
-- Scott
