Josh,

First, I would like to understand more about the situation where the IdP has neither a contract with the service provider nor with the federation to which they both belong. That is, what are the ad hoc circumstances?

Thanks,
Eliot

On 3/7/11 10:15 PM, Josh Howlett wrote:
> Acceptor: "Is the identifier FOO associated with a user that you know about?".
> IdP: "Confirm", "Deny", "Neither Confirm Nor Deny".
> I suspect you would prefer a slightly different question and answer:

Acceptor: "Do you authorize the current user (whose credentials you will verify or have verified) to use my local identifier FOO"?
Answer: "Yes" / "no"

A "yes" answer might be accompanied by additional information, as allowed by policy.
