OK. 1) I think we should say somewhere that you shouldn't send back multiple assertions unless it's appropriate to just combine them together. I.E. assertions from the same IDP about the same subject are probably OK, at least until we figure out what we want to do in those cases.
2) It sounds like we should start doing design work on the case of attributes coming from multiple sources at least enough to support your use cases. My personal suspicion is that I want a bit more AAA framing than we do for the single issuer case. I don't have a problem doing that standardization now. However I want to make sure that is not mandatory-to-implement and that a RP can easily tell if a situation it does not implement is happening. 3) I agree we should add a statement about non-unique name attributes to the draft. 4) I agree the comments about policy should be clarified. 5) I agree the IANA section needs all the standard things including a registration process. --Sam _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
